chrome-cdp
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The eval and evalraw commands allow execution of arbitrary JavaScript or raw CDP commands within the browser context, providing full control over the page's execution environment.
- [DATA_EXFILTRATION]: Data exposure occurs through commands like shot, html, and snap, which retrieve browser viewport screenshots, page HTML, and accessibility trees for the agent to process.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external websites. Ingestion points: Content is retrieved from the DOM and accessibility tree in scripts/cdp.mjs. Boundary markers: No explicit delimiters or instructions are used to separate page data from agent instructions. Capability inventory: The skill can navigate to URLs, click elements, and execute scripts. Sanitization: No filtering or escaping is performed on the ingested content.
Audit Metadata