chrome-devtools
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation references the use of
npx chrome-devtools-mcp@latestfor configuration. This package is the primary tool for the skill and is provided by the vendor. - [REMOTE_CODE_EXECUTION]: The
evaluate_scripttool allows for the execution of JavaScript within the context of the browser. This is a standard and necessary feature for DevTools-based automation. - [COMMAND_EXECUTION]: The instructions describe running CLI commands with parameters to configure the browser lifecycle and MCP server.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection, as it is designed to ingest and process data from arbitrary web pages.
- Ingestion points: Data enters the agent's context through web pages accessed via
navigate_page,new_page, and structural snapshots viatake_snapshot. - Boundary markers: The instructions do not specify any delimiters or safety warnings to distinguish web-sourced content from agent instructions.
- Capability inventory: The skill possesses tools for script execution (
evaluate_script), page navigation, and element interaction (click,fill). - Sanitization: There is no evidence of filtering or validation of the content retrieved from external URLs before processing.
Audit Metadata