chrome-devtools
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt includes examples that pass passwords/secret values directly on the command line (e.g., node fill.js --selector "#password" --value "secret"), which encourages embedding secrets verbatim in generated commands or outputs and therefore creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., navigate.js, evaluate.js, snapshot.js, screenshot.js and the "Web Scraping" examples) accept arbitrary --url targets and extract/evaluate page content, meaning the agent fetches and interprets untrusted public web pages and user-generated content as part of its workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs running an install-deps script and explicit sudo package-install commands (apt/dnf/yum/pacman) that modify system libraries and require elevated privileges, which pushes the agent to perform privileged, state-changing operations on the host.