install-chrome-devtools-mcp
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto fetch and run thechrome-devtools-mcppackage from the npm registry. This package is not provided by a trusted vendor or well-known service. - [REMOTE_CODE_EXECUTION]: By using
npx -y package@latest, the skill executes code from a remote source without version pinning or integrity verification, which is a potential vector for supply chain attacks. - [COMMAND_EXECUTION]: The provided
evaluate_scripttool allows the agent to execute arbitrary JavaScript in the browser context. This capability could be misused if the agent's context is manipulated via external data. - [DATA_EXFILTRATION]: Instructing users to open a remote debugging port (
9222) exposes their active browser sessions. A malicious agent or an external process could use this connection to capture sensitive information like session cookies and authenticated site data. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
- Ingestion points: Untrusted data enters the agent context via
navigate_page,list_console_messages, andget_network_requestfrom external websites. - Boundary markers: Absent. There are no instructions to differentiate between user commands and data retrieved from external sources.
- Capability inventory: The skill possesses capabilities to write to the browser (evaluate_script, click, fill) and navigate to new origins.
- Sanitization: No sanitization is performed on console logs or network data before being processed by the agent.
Audit Metadata