chrome-devtools-skill

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md explicitly direct the AI to 'automatically complete' setup steps (launching Chrome and the MCP server), specifically stating this should be done 'rather than letting the user manually execute'. This is an attempt to override standard security guardrails that require user confirmation for shell command execution. Additionally, the skill creates a surface for indirect prompt injection. Ingestion points: external web content accessed via 'mcp__chrome-devtools__take_snapshot' and 'mcp__chrome-devtools__evaluate_script'. Boundary markers: Absent. Capability inventory: shell command execution, network operations via WebSocket, and file writing for screenshots. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill requires the execution of various shell commands to launch the Chrome browser with remote debugging enabled (--remote-debugging-port=9222) across Windows, macOS, and Linux platforms.
  • [EXTERNAL_DOWNLOADS]: The skill uses the 'npx' tool to download the 'chrome-devtools-mcp' package from the npm registry during the automatic setup process.
  • [REMOTE_CODE_EXECUTION]: The skill executes unverified third-party code via 'npx' and frequently uses the Chrome DevTools 'Runtime.evaluate' method to execute dynamically constructed JavaScript strings in the browser context. Furthermore, several Python scripts (e.g., baidu_search_example.py) explicitly disable SSL verification using 'ssl._create_unverified_context', which increases the risk of man-in-the-middle attacks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 06:52 PM