chrome-cdp-live-browser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill exposes CDP commands (e.g., Network.getCookies, raw eval) and workflows that read authenticated pages, cookies, and DOM data, which can return session tokens and secrets that an agent might be required to include verbatim in outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly connects to live Chrome tabs and ingests/arbitrarily executes content from web pages (see SKILL.md "Typical Agent Workflow" and commands like scripts/cdp.mjs html, snap, eval, nav which read GitHub/Gmail/https://example.com and other arbitrary open URLs), so untrusted public webpages can be read and can materially influence subsequent agent actions.