browser-debugging
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the @anthropic/chrome-devtools-mcp package from the official NPM registry. This is a standard installation of a tool from a well-known developer.
- [COMMAND_EXECUTION]: Instructs the user or agent to execute shell commands to launch Google Chrome with remote debugging enabled and to modify local configuration files like ~/.mcp.json.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external websites (such as console logs, network responses, and DOM structure), creating an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the agent context through methods like devtools.get_console_logs, devtools.get_network_requests, and devtools.query_selector described in SKILL.md.
  - Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded in the processed web data.
  - Capability inventory: The toolset includes browser JavaScript execution (evaluate_expression) and network monitoring, which could be exploited if malicious content is processed.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from web pages before it is analyzed by the agent.
Audit Metadata