chrome-devtools-axi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow invokes chrome-devtools-axi open <url> / subsequent snapshotting, which causes the tool to fetch and parse OUTSIDER-authored web page content (public page text/DOM/accessibility tree) into the agent-visible LLM context via AXI snapshots and element refs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs runtime installation and execution via npx (e.g., "npx -y chrome-devtools-axi"), which fetches and runs remote package code (source repo referenced at https://github.com/kunchenguid/chrome-devtools-axi), so there is a runtime external dependency that executes remote code.