chrome-devtools-mcp-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and inspects arbitrary web pages (e.g., chrome-devtools-mcp-cli new_page url=..., the default autoConnect endpoint in SKILL.md and references/usage-patterns.md) and ingests DOM snapshots, network requests, and console messages from those pages, which are untrusted third-party content that could contain instructions influencing agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill runs npx to fetch and execute the chrome-devtools-mcp package at runtime (invocations like "npx -y chrome-devtools-mcp@latest"), which causes remote code to be downloaded and executed and thus relies on the external package (see https://github.com/ChromeDevTools/chrome-devtools-mcp); therefore the external fetch is a runtime dependency that can execute remote code.