chrome-mcp-remote

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill launches a local Chrome instance for remote debugging and instructs the operator to "Use Chrome MCP tools normally" (SKILL.md step 3) via the started Chrome process (scripts/start-chrome-mcp.sh), which permits loading and inspecting arbitrary public web pages and user-generated content that the agent could read and act on, creating risk of indirect prompt injection.