chrome-devtools
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown documentation for the chrome-devtools MCP server and does not include any executable scripts, binaries, or configuration files.- [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection as it is designed to ingest and process content from untrusted external websites.
- Ingestion points: Data from external sources enters the agent's context through tools such as
take_snapshot,list_console_messages, andlist_network_requests(SKILL.md). - Boundary markers: There are no defined delimiters or instructions provided to the agent to treat retrieved web content as untrusted or to ignore instructions embedded within that content.
- Capability inventory: The skill provides access to sensitive capabilities including
evaluate_script,click,fill, andupload_file(SKILL.md), which could be targeted by instructions on a malicious web page. - Sanitization: No sanitization or validation mechanisms are described to filter content from the browser before it is interpreted by the agent.
Audit Metadata