browser-testing-with-devtools
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): The skill installs the
@anthropic/chrome-devtools-mcppackage via npx. This is a trusted source (Anthropic), so the risk of the server itself being malicious is low. - [COMMAND_EXECUTION] (HIGH): The 'JavaScript Execution' tool allows the agent to run arbitrary code within the page context. While limited to the browser, this capability can be abused if the agent is manipulated.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion points: The agent reads the DOM tree, console logs, and network responses from arbitrary URLs. 2. Boundary markers: No delimiters or sanitization logic is specified to separate web content from instructions. 3. Capability inventory: The agent has high-privilege browser capabilities including JavaScript execution and navigation. 4. Sanitization: Absent. A malicious site could embed instructions in a hidden element or console log to hijack the agent's flow.
Recommendations
- AI detected serious security threats
Audit Metadata