mcp-chrome-devtools
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): Hardcoded test credentials (demo@test.com / 123123) are included for local testing. While labeled for non-production use, hardcoding is an insecure practice. Severity is reduced from HIGH to MEDIUM as they are associated with the skill's primary testing purpose.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill depends on the io.github.ChromeDevTools/chrome-devtools-mcp server, which originates from a source outside of the trusted organizations list.
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection due to its interaction with external web content. 1. Ingestion points: Reads browser DOM, console logs, and network activity. 2. Boundary markers: Absent. 3. Capability inventory: Browser control via MCP server (clicks, typing, navigation). 4. Sanitization: Absent.
- [Command Execution] (SAFE): Instructions include standard local development commands like pnpm start and curl for server verification.
Audit Metadata