chrome-devtools
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that pass plaintext secrets as command-line arguments (e.g., --value "secret") and instructs embedding form values into CLI invocations, which requires the LLM to include secret values verbatim and is therefore insecure.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., navigate.js, screenshot.js, evaluate.js, snapshot.js) accept arbitrary --url inputs, scrape/execute the target pages, and return their DOM, console, network, and screenshot data from open/public websites, meaning the agent will ingest untrusted third-party content from arbitrary URLs.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs running an install-deps.sh script and explicitly recommends sudo apt-get install commands (and other system package installs), which modify system packages and require elevated privileges, so it encourages changing the host machine state.