browser-debugging

Fail

Audited by Snyk on Apr 24, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to retrieve cookies, local/sessionStorage, and full network request bodies/headers (which may contain tokens or passwords), so the agent would need to handle and could output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow and commands (e.g., browser-use navigation plus chrome-devtools calls like devtools.get_console_logs, devtools.get_request_detail with include_body, devtools.get_page_info and devtools.evaluate_expression that read DOM/localStorage/window.NEXT_DATA) explicitly fetch and inspect content from arbitrary webpages/targets, so untrusted third-party page content could be read and influence subsequent debugging actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's MCP config and install instructions invoke npx @anthropic/chrome-devtools-mcp (fetched from the npm registry, e.g. https://registry.npmjs.org/@anthropic/chrome-devtools-mcp) at runtime, which will download and execute remote code that the skill relies on.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 24, 2026, 05:43 PM
Issues: 3