chrome-devtools-mcp

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation and manifest specify the use of the chrome-devtools-mcp package, which is fetched from the npm registry at runtime using npx.
  • [COMMAND_EXECUTION]: The MCP server is launched via shell commands (npx), which execute the downloaded package on the host system to provide browser automation capabilities.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it is designed to ingest and analyze untrusted data from external websites, such as DOM structures, console logs, and network responses. A malicious website could host instructions intended to manipulate the agent's behavior.
      • Ingestion points: Tools used to inspect console output, network traffic, and DOM state as described in SKILL.md.
      • Boundary markers: Absent; the skill does not specify the use of delimiters or instructions to ignore embedded commands within the browser data.
      • Capability inventory: The skill allows for full browser control, including JavaScript execution, navigation, and information retrieval (screenshots/traces).
      • Sanitization: Absent; there is no mention of filtering or sanitizing the data retrieved from the browser before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 02:18 AM