chrome-devtools
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The `scripts/install-deps.sh` script uses `sudo` to install system packages on Linux distributions. This privilege escalation is necessary for Puppeteer dependencies but poses a risk if the script is executed in an untrusted or multi-tenant environment.
- DATA_EXFILTRATION (MEDIUM): The `scripts/inject-auth.js` script and `scripts/lib/browser.js` utility store sensitive authentication data, including cookies and Bearer tokens, in a local plaintext file named `.auth-session.json`. This local data exposure could allow an attacker with file system access to hijack active web sessions.
- REMOTE_CODE_EXECUTION (MEDIUM): The `scripts/evaluate.js` script uses `eval()` to execute arbitrary JavaScript in the browser context. While this is a standard browser automation feature, it constitutes a dynamic execution surface that could be exploited if the inputs are influenced by malicious actors.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection. It ingests external web content (via `navigate.js`, `snapshot.js`, and `network.js`) and lacks strict boundary markers or sanitization for this untrusted data. Given the skill's high-privilege capabilities (auth injection and JS execution), malicious web content could potentially trigger unintended actions.
Recommendations
- AI detected serious security threats
Audit Metadata