troubleshooting
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to search for and read potentially sensitive configuration files, including .claude/settings.json and .vscode/launch.json. These files can contain environment variables, API keys, or other credentials which are then exposed to the agent's context for troubleshooting.
- [EXTERNAL_DOWNLOADS]: Fetches troubleshooting guidelines from the official ChromeDevTools GitHub repository to assist in error mapping.
- [REMOTE_CODE_EXECUTION]: Recommends running npx chrome-devtools-mcp@latest, which downloads and executes the vendor's latest package from the npm registry to verify the environment.
- [COMMAND_EXECUTION]: Uses the GitHub CLI (gh) and npx to run diagnostic routines. It interpolates tool error strings directly into shell commands for GitHub searches, which could lead to command injection if an error message contains malicious shell characters.
- [PROMPT_INJECTION]: The skill processes untrusted error data from failed tool calls, creating an indirect prompt injection surface.
- Ingestion points: Error messages from list_pages, new_page, and navigate_page failures.
- Boundary markers: None present to delimit error data from instructions.
- Capability inventory: Shell execution (npx, gh), file system reading (IDE configurations).
- Sanitization: No sanitization of error strings is performed before they are used in commands or logical processing.
Audit Metadata