Chrome DevTools Debugging
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the evaluate_javascript tool, which allows for the execution of arbitrary JavaScript within the browser's execution environment.
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from untrusted external websites, creating a risk of indirect prompt injection.
  - Ingestion points: Data enters the agent's context through DOM inspection (inspect_dom), console log retrieval (get_console_logs), and network request monitoring (get_network_requests).
  - Boundary markers: The instructions lack any defined delimiters or warnings to treat data from external websites as untrusted or to ignore instructions embedded within that data.
  - Capability inventory: The skill possesses capabilities to execute browser-side code (evaluate_javascript) and observe sensitive network interactions (get_network_requests).
  - Sanitization: There are no explicit requirements or mechanisms mentioned for sanitizing, escaping, or validating the content retrieved from external sources before processing.
Audit Metadata