chrome-devtools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes examples that pass passwords/credentials as literal command-line arguments (e.g., node fill.js --selector "#password" --value "secret"), which requires the agent to include secret values verbatim in generated commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Puppeteer scripts (e.g., navigate.js, evaluate.js, snapshot.js and screenshot.js) explicitly accept arbitrary --url targets and scrape/execute JavaScript on public websites (examples show node ... --url https://example.com), meaning the agent will fetch and interpret untrusted third-party web content that could carry indirect prompt-injection payloads.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.50). The skill instructs running install-deps.sh and explicit sudo apt-get install commands (and recommends sudo for installing ImageMagick and libraries), which modify system packages and require elevated privileges, so it pushes changes to the machine state.