chrome-devtools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's CLI scripts (e.g., navigate.js, snapshot.js, screenshot.js, evaluate.js, network.js, console.js) explicitly navigate to and ingest arbitrary public URLs via puppeteer's page.goto and page.evaluate and then extract DOM/text/selectors/console/network data which the agent uses (e.g., snapshot → click/fill chains), so untrusted third‑party page content can materially influence subsequent tool actions and enable indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.50). The skill instructs running install-deps.sh and explicit sudo apt-get install commands (and recommends sudo for installing ImageMagick and libraries), which modify system packages and require elevated privileges, so it pushes changes to the machine state.