Skills
skills/cygnusfear/agent-skills/chrome-devtools/Gen Agent Trust Hub

chrome-devtools

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the installation of the mcptools CLI from a third-party GitHub repository (github.com/f/mcptools) and execute the chrome-devtools-mcp package via bunx -y. These resources are not from the trusted vendors list.
  • [COMMAND_EXECUTION]: Employs the Bash tool to execute pkill for process termination and mcp shell for command pipelining.
  • [REMOTE_CODE_EXECUTION]: Includes the evaluate_script tool, which executes arbitrary JavaScript within the browser context. This allows for runtime code execution against remote web content.
  • [PROMPT_INJECTION]: The skill possesses a broad attack surface for indirect prompt injection due to its ability to ingest and process untrusted external data.
  • Ingestion points: Browser data is retrieved via take_snapshot and list_console_messages in SKILL.md.
  • Boundary markers: There are no protective delimiters or instructions to ignore instructions embedded within the retrieved web data.
  • Capability inventory: The agent has access to Bash, evaluate_script, and Write tools, which could be exploited if malicious instructions are ingested.
  • Sanitization: No sanitization or validation of the data retrieved from the browser is mentioned or implemented.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 23, 2026, 11:19 AM