pp-chrome-history
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
chrome-history-pp-cliutility vianpxfrom the@mvanhorn/printing-press-librarynpm package or viago installfrom the author's GitHub repository (github.com/mvanhorn/printing-press-library). These sources are consistent with the skill's authorship. - [COMMAND_EXECUTION]: The skill operates by executing shell commands through the
chrome-history-pp-clibinary. This includes capabilities to search history, aggregate behavioral profiles, and run read-only SQL queries against a local snapshot of the Chrome SQLite database. - [DATA_EXPOSURE]: By design, the skill accesses and exposes highly sensitive personal data, including browsing URLs, page titles, search terms, and download history. The skill notes that all data remains local on-device.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from browser history (URLs and page titles).
- Ingestion points: Commands such as
search,topic, andjourneysoutput content from external web pages into the agent's context. - Boundary markers: No explicit boundary markers or instructions to ignore embedded content are present in the skill's output formatting.
- Capability inventory: The skill allows execution of local CLI commands but does not provide direct network exfiltration capabilities in the documented recipes.
- Sanitization: There is no evidence of sanitization or filtering of the ingested browser data before it is processed by the agent.
Audit Metadata