chrome-devtools-cli
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the chrome-devtools-mcp package via NPM. This is a prerequisite for the CLI tools and is the official package provided by the vendor.
- [COMMAND_EXECUTION]: The skill executes the chrome-devtools CLI tool to perform various browser automation tasks such as navigating pages and interacting with UI elements.
- [DATA_EXFILTRATION]: The skill contains tools that interact with the local file system, including upload_file, take_memory_snapshot, and performance_start_trace using the --filePath argument. These functionalities are standard for automation and debugging.
- [REMOTE_CODE_EXECUTION]: The skill provides an evaluate_script tool that allows executing arbitrary JavaScript within the browser context, which is a core feature of Chrome DevTools.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its handling of external web content.
  - Ingestion points: The skill ingests untrusted data through tools like take_snapshot, list_console_messages, and list_network_requests in SKILL.md.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded content are present in the ingested data.
  - Capability inventory: The skill possesses capabilities including evaluate_script, click, fill, and navigate_page in SKILL.md.
  - Sanitization: There is no evidence of sanitization of external content before processing.
Audit Metadata