troubleshooting
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill is instructed to search for and read various configuration files, including .mcp.json, .claude/settings.json, and .gemini/settings.json. These files frequently contain sensitive information such as API keys, environment variables, and authentication tokens for other MCP services. Accessing these files exposes potential secrets to the agent context.
- [COMMAND_EXECUTION]: The skill executes shell commands for diagnostics, specifically npx chrome-devtools-mcp@latest and the GitHub CLI (gh). While these are used for troubleshooting purposes, they represent active command execution on the user's system.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources, including documentation from the ChromeDevTools GitHub repository and potentially downloading the latest version of the chrome-devtools-mcp package via npx. These resources originate from the vendor's official repositories.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads troubleshooting guides and searches GitHub issues. Content from these external, attacker-influenced sources could contain malicious instructions intended to manipulate the agent's behavior during a troubleshooting session.
  - Ingestion points: Reads https://github.com/ChromeDevTools/chrome-devtools-mcp/blob/main/docs/troubleshooting.md and searches GitHub issues using the gh tool.
  - Boundary markers: None identified; external content is processed directly in the diagnostic flow.
  - Capability inventory: Includes local file reading and shell command execution (npx, gh).
  - Sanitization: No explicit sanitization or filtering of external GitHub content is performed before processing.
Audit Metadata