chrome-debug
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): This skill exposes a surface for indirect prompt injection by allowing the agent to load and process data from arbitrary external URLs. 1. Ingestion points: Untrusted data enters the context via
mcp__chrome-devtools__navigate_pageandmcp__chrome-devtools__take_snapshot. 2. Boundary markers: None; the skill instructions do not define delimiters or warnings for the agent to ignore embedded instructions in web content. 3. Capability inventory: The agent can execute shell commands (npm run chrome), write files (take_screenshot), and interact with page elements (click,fill). 4. Sanitization: None; no validation or filtering of browser-retrieved data is specified. - [COMMAND_EXECUTION] (SAFE): The use of
npm run chrometo initialize the browser environment is a standard local operation and does not process external or untrusted strings.
Audit Metadata