chrome-devtools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill examples and workflows show passing passwords/secret values directly on the command line (e.g., --value "secret") and filling forms with plaintext values, which would require the agent to include secrets verbatim in generated commands or code and thus pose an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI scripts (e.g., navigate.js, evaluate.js, snapshot.js, console.js, network.js and others) explicitly accept arbitrary --url values and use Puppeteer to fetch and execute or extract content from public web pages, meaning untrusted third-party page content can be read and influence actions (e.g., evaluate(), DOM snapshot, clicks, form fills) during runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs running an install-deps.sh that auto-installs system libraries and explicitly shows sudo apt-get install commands to add system packages, which requires elevated privileges and modifies the machine state.