devtools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly launches a real Chrome instance with a user-supplied (see SKILL.md Step 5 and scripts/launch_chrome.sh) and uses the chrome-devtools-mcp tools to capture DOM snapshots, console messages and network responses, meaning the agent will fetch and interpret arbitrary web content that could be untrusted and influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs npx to fetch and execute the chrome-devtools-mcp package at runtime (e.g., "claude mcp add chrome-devtools -- npx chrome-devtools-mcp@latest") and references the project at https://github.com/ChromeDevTools/chrome-devtools-mcp, which means remote code is downloaded/executed and is required for the skill to operate.