browser-setup-devtools
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes remote code from the npm registry using 'npx -y chrome-devtools-mcp@latest', which downloads and runs a third-party package without version pinning or source verification.
- [EXTERNAL_DOWNLOADS]: The skill fetches the '@different-ai/opencode-browser' package from npm to install the fallback browser extension. As a vendor-provided resource, this is part of the intended setup process.
- [COMMAND_EXECUTION]: The skill uses 'open', 'start', and 'xdg-open' to launch browser instances and access internal extension management pages.
- [PROMPT_INJECTION]: The skill interacts with untrusted browser content, creating a surface for indirect prompt injection.
- Ingestion points: Tab information is retrieved using 'chrome-devtools_list_pages' (SKILL.md).
- Boundary markers: No delimiters or warnings are used to isolate ingested data.
- Capability inventory: The skill can execute shell commands and modify local configuration (SKILL.md).
- Sanitization: No data validation is performed on retrieved browser content.
Audit Metadata