chrome-devtools

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides various CLI scripts, such as click.js, fill.js, and navigate.js, which execute browser automation tasks via Puppeteer to interact with web elements.
  • [REMOTE_CODE_EXECUTION]: The skill includes an evaluate.js script that executes arbitrary JavaScript within the browser context using eval(). While this is a high-risk capability, it is the primary intended function for a browser development and automation tool.
  • [CREDENTIALS_UNSAFE]: Scripts like inject-auth.js and import-cookies.js manage sensitive authentication data (cookies, tokens). This data is stored locally in .auth-session.json to persist sessions across script executions and is not exfiltrated externally.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted external websites (via DOM snapshots, console monitoring, and network tracking). Malicious instructions hidden on a webpage could potentially influence the agent's logic.
  • [EXTERNAL_DOWNLOADS]: The installation scripts (install.sh, install-deps.sh) download necessary system libraries and official Node.js packages from established registries to support Puppeteer's execution environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 03:17 AM