chrome-devtools

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx chrome-devtools-mcp@latest to fetch the automation server from the NPM registry, which is a standard deployment method for this vendor's tools.
  • [COMMAND_EXECUTION]: Integration is performed via claude --chrome and claude mcp add commands to manage the communication bridge between the CLI and the Chrome browser.
  • [REMOTE_CODE_EXECUTION]: The skill includes an evaluate_script tool that enables the agent to execute JavaScript within the browser context, which is essential for interaction and data extraction.
  • [DATA_EXFILTRATION]: There is a structural risk of data exposure as the tool is designed to access sensitive information in authenticated sessions (e.g., Gmail, Notion) and monitor network/console activity for automation purposes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of reading and acting upon content from external, untrusted websites.
      • Ingestion points: Untrusted data enters the agent context via navigate_page and tools for reading DOM content or page state.
      • Boundary markers: No specific delimiters or "ignore instructions" warnings for processed web content are documented.
      • Capability inventory: Powerful capabilities include click, fill_form, evaluate_script, press_key, and upload_file.
      • Sanitization: There is no mention of filtering or sanitizing external website content before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 05:43 PM