chrome-devtools
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill controls a real Chrome browser, explicitly navigates to arbitrary URLs, and reads or extracts page content, DOM, console, and network data. SKILL.md, references/claude-code-integration.md, and references/devtools-mcp.md list "Navigate to URLs" and "Read page content and DOM state", along with examples such as checking competitor blogs and pricing pages. Untrusted third-party webpages can therefore be ingested and materially influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime installation and launch commands that fetch and execute remote code, e.g. "npx chrome-devtools-mcp@latest", which downloads and runs the chrome-devtools-mcp npm package as the MCP server the skill depends on. External code is therefore fetched at runtime and executed directly to provide the tools the agent uses.