chrome-devtools-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and process untrusted data from external websites.
- Ingestion points: The agent reads content from the browser DOM, console logs via
list_console_messages, and network headers/bodies. - Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted web content from the agent's instructions.
- Capability inventory: The skill possesses powerful capabilities including
evaluate JS(browser context),click/type/drag, and network inspection. - Sanitization: The documentation does not specify any sanitization or validation of the data retrieved from the browser before it is processed by the LLM.
- [COMMAND_EXECUTION] (SAFE): JavaScript Evaluation. The skill allows for the execution of arbitrary JavaScript via the
evaluate JScapability. - Context: This behavior is fundamental to the primary purpose of a browser debugging tool (DevTools).
- Risk Mitigation: The execution is restricted to the browser context being debugged rather than the host system, though it still represents a high-privilege action within that environment.
Audit Metadata