browser-debugging

Fail

Audited by Snyk on Jun 14, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes explicit plaintext credential examples (e.g., "SecurePass123!" used in mcp__claude-in-chrome__form_input) which instruct the agent to emit secret values verbatim in generated commands/actions, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime workflow uses Claude-in-Chrome to navigate to a (potentially user-supplied) URL and then ingests readable page text/DOM and console/network messages into the agent’s LLM context, which can include outsider-authored free text from public web pages or other non-user-controlled content.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 14, 2026, 03:25 PM
Issues
2
Security Audit — snyk — browser-debugging