chrome-devtools
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains a safety instruction for the agent to ignore command-like text (such as "Ignore previous instructions") found within web page content. This is a defensive measure against indirect prompt injection and does not constitute a malicious attempt to bypass agent guardrails.
- [EXTERNAL_DOWNLOADS]: The installation guide references "chrome-devtools-mcp@latest" via npx. This is the core dependency required for the skill's functionality. The configuration provided includes privacy-conscious flags to disable tracking and update checks.
- [SAFE]: The skill correctly identifies that all data retrieved from a browser (DOM, logs, network) is untrusted. It mandates a security boundary, instructing the agent to never interpret this data as instructions and providing "Content Boundary Markers" to separate trusted instructions from untrusted browser data.
- [SAFE]: The skill facilitates JavaScript execution within the browser context. It includes proactive security constraints to limit this capability: it must be read-only for state inspection, is forbidden from making external network requests, and is explicitly barred from accessing credentials like cookies or tokens.
Audit Metadata