chrome-devtools

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's examples and workflows explicitly pass credentials as literal CLI arguments (e.g., --value "secret" for a password) and instruct filling login fields with plaintext values, which forces the agent to include secret values verbatim in generated commands and outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., navigate.js, evaluate.js, snapshot.js, network.js) explicitly fetch and scrape arbitrary public URLs (see examples like "node evaluate.js --url " and "node screenshot.js --url https://example.com"), so the agent will ingest untrusted, user-generated web content and can use that content to drive automated actions and decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit system dependency installation that uses sudo (e.g., "sudo apt-get install -y ..." and an install-deps.sh that likely performs privileged installs), which instructs modifying system state requiring elevated privileges.

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Feb 26, 2026, 11:16 PM