chrome-devtools

No explicit malicious code or hardcoded credentials are present in the provided manifest and documentation. The primary concern is functionality: the skill exposes powerful primitives (arbitrary in-page JS execution, network/console/snapshot access, and local-file upload) that can be misused to exfiltrate data or perform unwanted actions if used against untrusted content or without strict operational controls. Treat this component as sensitive: enforce explicit user consent for each navigation and risky operation, restrict evaluate_script usage, implement URL whitelisting or prompt-based approval, sanitize diagnostic outputs before returning them, and avoid unattended autonomous operation with this skill.