chrome-devtools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly drives a real Chrome browser to arbitrary URLs (navigate_page/new_page in SKILL.md and references/tool-reference.md) and uses evaluate_script and snapshot-based scripts (e.g., scripts/extract-links.js, scripts/generate-playwright-test.js) to read and act on page DOM/content, which are untrusted third‑party sources and can directly influence subsequent tool calls and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configuration launches the MCP server with "npx chrome-devtools-mcp@latest" (which fetches and executes remote npm package code at runtime) and also references the GitHub repo URL https://github.com/ChromeDevTools/chrome-devtools-mcp for installation, so the skill depends on and executes externally fetched code during runtime.