chrome-relay
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to ingest and act upon data from external web pages, creating an attack surface for indirect prompt injection.
  - Ingestion points: The agent reads page content through `chrome-relay read` and `chrome-relay js` (SKILL.md).
  - Boundary markers: No specific delimiters or safety warnings are provided to prevent the agent from following instructions found within the data.
  - Capability inventory: The agent can perform actions like `click`, `fill`, and `navigate` based on its interpretation of untrusted page elements (SKILL.md).
  - Sanitization: No filtering or sanitization of ingested content is documented.
- [COMMAND_EXECUTION]: The skill allows for dynamic JavaScript execution within the browser environment.
  - Evidence: The `js` command (SKILL.md) provides access to the `Runtime.evaluate` CDP method, allowing the agent to execute code in the context of the user's active browser session.
- [EXTERNAL_DOWNLOADS]: The skill utilizes an external CLI tool installed from a public registry.
  - Evidence: README.md and SKILL.md guide the installation of the `chrome-relay` package via pnpm.