chrome-browser

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The wrapper script scripts/main.cjs uses child_process.spawn to execute a local JavaScript file located at .claude/tools/chrome-browser/chrome-browser.cjs.
  • [REMOTE_CODE_EXECUTION]: The skill provides tools for dynamic code execution within the browser context, such as mcp__chrome-devtools__evaluate_script and mcp__claude-in-chrome__javascript_tool. These allow the agent to run arbitrary JavaScript on any website it visits.
  • [DATA_EXFILTRATION]: The skill is designed to interact with authenticated web applications. Tools like get_network_request, take_screenshot, and get_page_text can be used to capture sensitive personal or corporate data from logged-in sessions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external web content.
      • Ingestion points: Web page content (DOM), accessibility trees, console logs, and network traffic via tools like take_snapshot and read_page.
      • Boundary markers: None present in the instructions to differentiate between site content and agent instructions.
      • Capability inventory: Arbitrary JavaScript execution, network inspection, form filling, and interaction with authenticated apps.
      • Sanitization: No sanitization or validation of the ingested browser data is performed before it is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 03:50 AM