chrome-devtools-mcp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill lets the agent connect to and navigate arbitrary web endpoints (see Inputs: "target app URL" and flags like --browserUrl/--wsEndpoint) and explicitly instructs the agent to inspect console, network, DOM, and execute JavaScript (Workflow / Practical Usage Patterns and "The server can see and act on browser content"), so untrusted/public page content could be ingested and materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs runtime use of "npx -y chrome-devtools-mcp@latest", which fetches and executes a remote npm package (chrome-devtools-mcp from the npm registry) as a required dependency, thereby running remote code on the host.