node-devtools-cli
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the agent to execute the
node-devtools-cliutility, which provides significant control over Node.js processes on the system. - Evidence: The
allowed-toolssection inSKILL.mdgrants access to allnode-devtools-clisubcommands via theBashtool. - Evidence: The utility can signal processes (SIGUSR1), connect via WebSockets, and evaluate JavaScript expressions through commands like
node-devtools-cli debug add-watch --expressionandnode-devtools-cli debug put-logpoint --log-expression. - [EXTERNAL_DOWNLOADS]: The skill documentation refers to an external package that must be installed on the host system.
- Evidence:
SKILL.mdinstructs users to runnpm install -g browser-devtools-mcpto install the necessary CLI tools. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing data from debugged applications.
- Ingestion points: The agent retrieves potentially untrusted data through
debug get-logsanddebug get-probe-snapshotsinreferences/debug.md. - Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands within the captured logs or snapshots.
- Capability inventory: The agent has the ability to execute shell commands and modify process state through the CLI tools defined in
SKILL.md. - Sanitization: There is no mention of sanitization or filtering of the content retrieved from the Node.js process before it is presented to the agent.
Audit Metadata