browser-debugging
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
claudishpackage globally vianpm install -g claudish. This is a standard dependency for the skill's visual analysis functionality. - [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to execute the
claudishCLI tool for processing screenshots through external vision models. It also utilizes thejavascript_toolto execute arbitrary scripts within the browser context to facilitate debugging. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from external websites.
- Ingestion points: Untrusted data enters the agent context through
mcp__claude-in-chrome__read_page,mcp__claude-in-chrome__read_console_messages, andmcp__claude-in-chrome__read_network_requeststools used in various recipes. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the recipes provided.
- Capability inventory: The agent has access to
javascript_toolfor browser-side execution and shell execution viaclaudishas well as network access through browser navigation tools. - Sanitization: No sanitization or filtering of the ingested browser content is performed before it is presented to the agent or external vision models.
Audit Metadata