chrome-cdp
Warn
Audited by Socket on May 7, 2026
1 alert found:
Security (MEDIUM): scripts/inject.mjs
This module is an automation-style CDP injector that will load and execute a remote JavaScript URL in a target browser tab via Runtime.evaluate + DOM <script> injection. While it contains no explicit exfiltration or persistence logic in the shown fragment, its design is inherently high-impact because any untrusted or attacker-controlled --url results in arbitrary page-context script execution. The absence of URL validation/allowlisting and reliance on a user-supplied CDP endpoint materially increase misuse risk.
Confidence: 68%
Severity: 72%