chrome-devtools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples (e.g., fill {"uid":"#password","value":"pass"}) and workflows instruct generating commands that embed plaintext credentials into mcp commands/shell pipelines, meaning the LLM would need to include secret values verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly navigates to arbitrary public URLs (e.g., navigate_page {"url":"https://example.com"} and tests using https://httpbin.org or localhost) and returns page content via take_snapshot, console logs, and network requests which the agent is expected to read and could materially influence subsequent actions.