chrome-devtools
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's examples and workflows explicitly pass credentials as literal CLI arguments (e.g., --value "secret" for a password) and instruct filling login fields with plaintext values, which forces the agent to include secret values verbatim in generated commands and outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill fetches and processes arbitrary public web pages supplied via --url (see scripts/navigate.js, evaluate.js, snapshot.js, network.js, console.js and performance.js), ingesting untrusted third‑party/user-generated content which the agent reads and interprets as part of its workflows.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit system dependency installation that uses sudo (e.g., "sudo apt-get install -y ..." and an install-deps.sh that likely performs privileged installs), which instructs modifying system state requiring elevated privileges.