chrome-devtools
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to download and execute the
chrome-devtools-mcppackage from the NPM registry using thenpxcommand during setup and execution.- [REMOTE_CODE_EXECUTION]: Theevaluate_scripttool allows for the execution of arbitrary JavaScript functions within the context of the active browser page, which can be used to manipulate page content or exfiltrate data from the browser session.- [DATA_EXFILTRATION]: Theupload_filetool enables the agent to read local files from the host system and upload them to any website navigated to by the browser. Additionally, multiple tools includingtake_screenshot,take_snapshot,performance_start_trace, andget_network_requestacceptfilePathparameters, allowing the agent to write data to arbitrary locations on the local filesystem.- [COMMAND_EXECUTION]: The skill configuration requires the execution of thenpxcommand-line utility to run the MCP server.- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it ingests untrusted data from web pages (via snapshots, console logs, and network requests) without boundary markers or sanitization, and has the capability to perform sensitive actions like file uploads and script execution based on that data. Evidence Chain: 1. Ingestion:take_snapshot(Accessibility Tree),list_console_messages,list_network_requests. 2. Boundaries: Absent. 3. Capabilities:upload_file,evaluate_script,navigate_page. 4. Sanitization: Absent.
Audit Metadata