chrome-devtools
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the use of "npx chrome-devtools-mcp@latest" to initialize the MCP server. This package is maintained by the well-known Chrome DevTools team.
- [COMMAND_EXECUTION]: Includes the "evaluate_script" tool, which allows for the execution of JavaScript in the context of the browser page for advanced data retrieval and automation. This is a core feature of the intended functionality.
- [PROMPT_INJECTION]: The skill processes untrusted data from the web, creating a surface for indirect prompt injection.
- Ingestion points: Web page content is ingested via "take_snapshot" and "evaluate_script".
- Boundary markers: None identified in the provided markdown.
- Capability inventory: Includes browser control tools such as "evaluate_script", "click", "fill", and "navigate_page".
- Sanitization: There are no documented sanitization steps for content retrieved from external websites.
Audit Metadata