chrome-devtools
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of multiple Node.js scripts (
navigate.js,screenshot.js,evaluate.js, etc.) and a shell script (install-deps.sh) to perform its browser automation functions. - [EXTERNAL_DOWNLOADS]: The installation process involves downloading Node.js packages (
puppeteer,debug,yargs) from the NPM registry and system libraries via package managers likeapt-geton Linux environments to support Chrome's execution. - [REMOTE_CODE_EXECUTION]: The
evaluate.jstool allows for the dynamic execution of arbitrary JavaScript code within the browser context via the--scriptparameter, which can be used to run logic against the DOM of a loaded page. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted external URLs that could contain malicious instructions.
- Ingestion points: Data is ingested from arbitrary web pages via scripts like
snapshot.js,scrape.js,console.js, andnetwork.js. - Boundary markers: There are no identified boundary markers or explicit instructions to the agent to disregard instructions embedded within the scraped or monitored web content.
- Capability inventory: Across the provided scripts, the skill can execute code in the browser context (
evaluate.js), write files (screenshot.js), and perform network monitoring (network.js). - Sanitization: The skill documentation does not mention sanitizing, filtering, or escaping the content retrieved from external websites before the agent interprets the resulting JSON output.
Audit Metadata