chrome-devtools

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM | DATA_EXFILTRATION | PROMPT_INJECTION | REMOTE_CODE_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The mcp__plugin_chromedev-tools_cdt__browser_file_upload tool allows the agent to specify absolute file paths for upload. This provides a direct mechanism to exfiltrate sensitive local files (e.g., SSH keys, credentials, or system configs) if the agent is manipulated into performing an upload to an external site.
  • [DATA_EXFILTRATION]: The mcp__plugin_chromedev-tools_cdt__list_network_requests tool exposes full HTTP request and response headers. This can leak session tokens, API keys, and cookies to the agent's logs or context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from web pages.
      • Ingestion points: mcp__plugin_chromedev-tools_cdt__navigate_page (page content), mcp__plugin_chromedev-tools_cdt__take_snapshot (DOM tree), and mcp__plugin_chromedev-tools_cdt__list_console_messages (browser logs).
      • Boundary markers: Absent; there are no instructions to differentiate between page data and agent commands.
      • Capability inventory: Extensive browser control, including arbitrary JavaScript execution (evaluate_script) and file system interaction (browser_file_upload).
      • Sanitization: No evidence of content filtering or safety checks on data retrieved from external URLs.
  • [REMOTE_CODE_EXECUTION]: The mcp__plugin_chromedev-tools_cdt__evaluate_script and mcp__plugin_chromedev-tools_cdt__browser_run_code tools enable the execution of arbitrary JavaScript and Playwright code within the browser instance. This is a high-impact capability that can be misused to perform actions on behalf of the user within the browser context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 07:03 AM