chrome-debug

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The evaluate_script tool allows for arbitrary JavaScript execution within the browser context. This is a high-risk capability that could be misused to bypass same-origin policy (SOP) or perform unauthorized actions on websites if an agent is misled.
  • [Data Exposure & Exfiltration] (MEDIUM): Tools such as take_screenshot and performance logging write data to user-specified local paths (e.g., take_screenshot --args '{"filePath":"..."}'). If the underlying implementation does not enforce strict path validation, it could be exploited to overwrite sensitive system files or write data to unauthorized directories.
  • [Indirect Prompt Injection] (LOW): The skill presents a broad attack surface for indirect prompt injection because it processes untrusted data from the web.
      • Ingestion points: take_snapshot, list_console_messages, and list_network_requests in reference/workflows-debugging.md and reference/workflows-element-interaction.md.
      • Boundary markers: Absent in the provided documentation.
      • Capability inventory: Arbitrary JS execution (evaluate_script), file writing (take_screenshot), and DOM interaction (click, fill).
      • Sanitization: No sanitization or filtering of ingested web content is mentioned in the documentation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:13 PM