chrome-devtools
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/install-deps.shscript usessudoto install system packages on Linux distributions. This requires administrative privileges and modifies the host system's configuration. - [REMOTE_CODE_EXECUTION]: The
scripts/evaluate.jsscript utilizeseval()to execute arbitrary JavaScript code passed as a command-line argument. While this occurs within the browser sandbox, it allows the agent to execute dynamic and potentially untrusted code. - [EXTERNAL_DOWNLOADS]: The skill triggers the download of Node.js dependencies (
puppeteer,debug,yargs) and various system libraries through native package managers (apt, dnf, pacman). These downloads originate from official and well-known repositories. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its broad capabilities and data ingestion.
- Ingestion points: Data is ingested from external websites via
snapshot.js(DOM elements),console.js(logs), andnetwork.js(headers and response bodies). - Boundary markers: The scripts do not implement delimiters or provide instructions to the agent to ignore commands potentially embedded in the ingested web content.
- Capability inventory: The skill possesses powerful capabilities including browser control (clicking, form filling) and arbitrary script execution (
evaluate.js). - Sanitization: Content retrieved from external websites is returned to the agent in raw JSON format without filtering or sanitizing for malicious instructions.
Audit Metadata