chrome-cdp-live-browser

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs its core components from an unverified GitHub repository (pasky/chrome-cdp-skill) which is outside the trusted vendor scope.
  • [COMMAND_EXECUTION]: Executes Node.js scripts that access sensitive local browser profile directories (e.g., ~/Library/Application Support/Google/Chrome/) to find debugging ports.
  • [DATA_EXFILTRATION]: Provides explicit functionality to extract session cookies (Network.getCookies) and read content from authenticated browser tabs (e.g., Gmail, GitHub), presenting a high risk of sensitive data exposure.
  • [REMOTE_CODE_EXECUTION]: Enables arbitrary JavaScript execution (eval) and raw Chrome DevTools Protocol command injection (evalraw) within the user's active browser session.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because the agent processes untrusted webpage content (ingestion via snap and html commands in SKILL.md) and possesses powerful browser interaction capabilities (subprocesses in scripts/cdp.mjs) without boundary markers or sanitization. Mandatory evidence chain:
      1. Ingestion point: scripts/cdp.mjs snap and html.
      2. Boundary markers: Absent.
      3. Capability inventory: scripts/cdp.mjs (eval, click, type, shot).
      4. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 11:49 PM