browser-testing-with-devtools
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains patterns like 'Ignore previous instructions' used exclusively within a defensive context. It instructs the agent to treat such commands found in browser content as untrusted data rather than instructions, which is a security best practice.
- [EXTERNAL_DOWNLOADS]: The instructions include installing
@anthropic/chrome-devtools-mcpvia npx. This package originates from a well-known, trusted organization. - [DATA_EXFILTRATION]: The skill explicitly defines security boundaries, forbidding the exfiltration of secrets, tokens, or credentials found during browser inspection. It also restricts JavaScript execution to read-only operations for state inspection.
- [COMMAND_EXECUTION]: Standard installation commands for the MCP server are provided in the documentation.
Audit Metadata