chrome-debug
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a vulnerability surface by ingesting untrusted data from external websites via console logs and JavaScript evaluation.
- Ingestion points:
scripts/chromectl.py console-tailstreams logs, andscripts/chromectl.py evalretrieves page state/content. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the workflows.
- Capability inventory: The skill can launch processes, navigate to arbitrary URLs, execute JavaScript in the browser context, and capture screenshots.
- Sanitization: There is no evidence of sanitization or filtering of data received from the browser before it is processed by the AI agent.
- [Command Execution] (LOW): The skill frequently executes a local Python script (
scripts/chromectl.py) to manage Chrome instances and interact with the DevTools Protocol. This behavior is aligned with the skill's stated purpose. - [External Downloads] (LOW): The skill documentation indicates it uses
uvto manage theaiohttpdependency. Whileaiohttpis a reputable library, automated package management during runtime presents a minor risk of dependency confusion if not pinned to hashes.
Audit Metadata