Skills
skills/addyosmani/agent-skills/browser-testing-with-devtools/Snyk

browser-testing-with-devtools

Warn

Audited by Snyk on Apr 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to use Chrome DevTools MCP to read live DOM content, console logs, and network responses from web pages (browser content) — untrusted third-party data the agent ingests and that can materially influence decisions (see "Available Tools" and "Security Boundaries").

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's .mcp.json instructs runtime execution of a remote npm package via npx ("@anthropic/chrome-devtools-mcp@latest"), which will fetch and execute remote code and is required for the skill to function.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 4, 2026, 10:17 PM
Issues
2