pp-chrome-history

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the chrome-history-pp-cli utility via npx from the @mvanhorn/printing-press-library npm package or via go install from the author's GitHub repository (github.com/mvanhorn/printing-press-library). These sources are consistent with the skill's authorship.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands through the chrome-history-pp-cli binary. This includes capabilities to search history, aggregate behavioral profiles, and run read-only SQL queries against a local snapshot of the Chrome SQLite database.
  • [DATA_EXPOSURE]: By design, the skill accesses and exposes highly sensitive personal data, including browsing URLs, page titles, search terms, and download history. The skill notes that all data remains local on-device.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from browser history (URLs and page titles).
  • Ingestion points: Commands such as search, topic, and journeys output content from external web pages into the agent's context.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded content are present in the skill's output formatting.
  • Capability inventory: The skill allows execution of local CLI commands but does not provide direct network exfiltration capabilities in the documented recipes.
  • Sanitization: There is no evidence of sanitization or filtering of the ingested browser data before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 07:00 PM
Security Audit — agent-trust-hub — pp-chrome-history