cc_chrome_devtools_mcp_skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that pass authentication headers and tokens directly as CLI arguments (e.g., --wsHeaders='{"Authorization":"Bearer token"}' and wsEndpoint with an id), which encourages embedding secrets verbatim in commands/args and therefore creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill drives a real Chrome instance and explicitly navigates to arbitrary URLs and ingests page content (e.g., navigate_page, take_snapshot, list_network_requests/get_network_request, evaluate_script) so the agent will read and analyze untrusted public web pages and network responses, enabling indirect prompt injection.