chrome-extension-dev

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes browser-based automation tools (mcp__claude-in-chrome__javascript_tool and mcp__claude-in-chrome__computer) to interact with web pages and execute JavaScript. These operations are within the expected scope of a development and testing tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data by reading page content and console logs. This represents a potential surface for indirect prompt injection if malicious content is present on a test page, though this is a standard risk for browser-integrated agents.
    • Ingestion points: mcp__claude-in-chrome__read_page, mcp__claude-in-chrome__read_console_messages (SKILL.md)
    • Boundary markers: None implemented for the processed page data.
    • Capability inventory: javascript_tool for script execution, computer for UI interaction.
    • Sanitization: Not present; the agent is instructed to read and verify output directly.
  • [OTHER]: The provided code snippet for the 'dev bridge' uses window.postMessage with a wildcard origin ('*'). This is a security best-practice violation as it allows any site to send messages to the bridge. While functional for local development environments, it could pose a risk if used on untrusted sites during development.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 07:49 PM