browser-debugging

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the claudish package globally via npm install -g claudish. This is a standard dependency for the skill's visual analysis functionality.
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to execute the claudish CLI tool for processing screenshots through external vision models. It also utilizes the javascript_tool to execute arbitrary scripts within the browser context to facilitate debugging.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from external websites.
  • Ingestion points: Untrusted data enters the agent context through mcp__claude-in-chrome__read_page, mcp__claude-in-chrome__read_console_messages, and mcp__claude-in-chrome__read_network_requests tools used in various recipes.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the recipes provided.
  • Capability inventory: The agent has access to javascript_tool for browser-side execution and shell execution via claudish as well as network access through browser navigation tools.
  • Sanitization: No sanitization or filtering of the ingested browser content is performed before it is presented to the agent or external vision models.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:25 PM
Security Audit — agent-trust-hub — browser-debugging