chrome-devtools

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that pass a password as a command-line argument (e.g., --value "secret"), which instructs embedding secrets verbatim in commands and thus risks secret exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts and README explicitly navigate to arbitrary URLs and evaluate page content (e.g., SKILL.md "bun navigate.js --url " and scripts/snapshot.js, navigate.js, screenshot.js and click.js) which fetch and ingest untrusted public web pages and DOM data that are then used to drive further actions like selector discovery, clicking, filling, and navigation, enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs running an install-deps.sh that auto-installs system libraries and explicitly uses "sudo apt-get install imagemagick", which requires elevated privileges and modifies the machine's system state.