that you need to enter some code in DevTools makes it a vulnerability that would be difficult to exploit in the wild.

Some facts about me:

• Habit of opening devtools from a random existing tab and using it as a scratchpad.
• Habit of opening devtools when something looks funky/broken.
• Likely to trust a console prompt that advertises calling some function without parameters to enable debug mode/tools
• Tendency to use subdomains to host webUIs from untrusted services (e.g. a worldmap from sandboxed Minecraft instance (with mods of various origin))
• Likely to use subdomains to host private services with sensitive information
• Has similar friends who would use said services