chrome-devtools-axi
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs and executes the chrome-devtools-axi package from the npm registry using npx -y and npm install -g commands. This is the core functionality provided by the vendor to enable browser automation.\n- [COMMAND_EXECUTION]: The agent executes terminal commands to control the browser, including navigation (open), interaction (click, fill), and data extraction (snapshot, eval). These commands facilitate the automation of web tasks through the CLI bridge.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from external websites that may contain malicious instructions aimed at the agent.\n
- Ingestion points: The agent ingests untrusted data from web pages via accessibility snapshots, console logs, and network request summaries retrieved by the CLI tool.\n
- Boundary markers: The instructions do not specify any delimiters or safety markers to differentiate between the agent's instructions and the content being processed from the browser.\n
- Capability inventory: The skill possesses the ability to execute terminal commands (via npx), write responses to the local file system (e.g., /tmp/response.json), and evaluate arbitrary JavaScript within the browser context.\n
- Sanitization: There are no documented procedures for sanitizing or validating the ingested web content before it is processed by the agent's logic.
Audit Metadata