chrome-cdp

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/inject.mjs allows for the execution of remote code within the browser context by injecting a script tag with a source URL provided as a command-line argument.
  • [COMMAND_EXECUTION]: The skill provides scripts/eval.mjs, which allows the agent to execute arbitrary JavaScript expressions in the active browser tab using the Chrome DevTools Protocol Runtime.evaluate command.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interacts with and extracts content from arbitrary, untrusted web pages which may contain malicious instructions designed to subvert the agent's logic.
      • Ingestion points: Untrusted data enters the agent context through scripts/get-html.mjs (outer HTML) and scripts/get-text.mjs (element text content).
      • Boundary markers: The scripts do not implement any boundary markers or delimiters to isolate the retrieved web content from the agent's instructions.
      • Capability inventory: The skill possesses significant capabilities including network navigation (scripts/navigate.mjs), file writing (scripts/screenshot.mjs), and arbitrary JavaScript execution in the browser (scripts/eval.mjs and scripts/inject.mjs).
      • Sanitization: There is no evidence of sanitization or filtering of the extracted web content before it is passed back to the agent for processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 03:09 AM