The Agent Skills Directory

Persistence (HIGH): The documentation instructs users to modify shell profiles like ~/.bashrc or ~/.zshrc with eval \"$(browser-devtools-cli completion bash)\". This allows the tool to execute code automatically at the start of every shell session, creating a persistence vector.
Indirect Prompt Injection (LOW): The skill is designed to process untrusted content from the web, which may contain malicious instructions. Evidence Chain: 1. Ingestion points: navigation go-to and content get-as-text. 2. Boundary markers: Absent; no instructions are provided to the agent to distinguish between tool output and page content. 3. Capability inventory: The skill uses Bash to execute commands, allowing for network access and file system interaction. 4. Sanitization: No sanitization or escaping of web content is performed.
Credentials Unsafe (LOW): Example code in the skill documentation contains a hardcoded password string (password123).
External Downloads (MEDIUM): The skill requires installing an unverified package from the public npm registry (browser-devtools-mcp).
Command Execution (LOW): The skill utilizes the Bash tool to run its core CLI functions, giving it extensive control over the browser environment and local state.

browser-devtools-cli