chrome-cdp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's CLI usage and examples show passing sensitive values (e.g., passwords) directly as command-line arguments (e.g., --value "secret" / --password), which requires the agent to include secret values verbatim in generated commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's core scripts (e.g., scripts/navigate.mjs, open-tab.mjs, inject.mjs, eval.mjs, get-html.mjs, get-text.mjs and the SKILL.md workflows) navigate to arbitrary URLs, load/extract page HTML/text and even inject/execute remote scripts from arbitrary web pages, so untrusted public third‑party content can be read and can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The inject.mjs script takes a runtime URL (example shown: http://localhost:3000/extract.js) and appends a to the page, causing arbitrary remote JavaScript to be fetched and executed in the page context, which meets the criteria of executing remote code at runtime.