chrome-devtools
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it instructs the agent to ingest and analyze untrusted content from the DOM, console logs, and network responses of debugged pages. Evidence is found in references/elements.md, references/console.md, and references/network.md. There are no boundary markers or instructions to sanitize this external input, while the agent is given capabilities to execute JavaScript snippets and modify local files via Workspaces.
- [COMMAND_EXECUTION]: The skill contains documentation for modifying system policies on macOS, Linux, and Windows to manage AI feature availability, as seen in references/ai.md. These commands represent a risk of unauthorized system modification if followed by an agent.
- [EXTERNAL_DOWNLOADS]: The skill includes code patterns for downloading external scripts, specifically the jQuery library from code.jquery.com in references/getting_started.md. This targets a well-known service and is documented for development use.
Audit Metadata