webmcp-dev-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it requires the agent to process data from external, untrusted web sources.
- Ingestion points: The agent is directed to fetch live documentation from developer.chrome.com and gather community patterns via web searches (SKILL.md).
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill for processing external data.
- Capability inventory: The agent has access to powerful tools including Bash, Write, Edit, Grep, and Glob, which could be misused if the agent obeys malicious instructions found in the fetched content (SKILL.md).
- Sanitization: There is no evidence of content sanitization or validation before the agent interacts with the retrieved information.
- [SAFE]: The skill fetches documentation from the official Chrome developer blog, a well-known and trusted service.
Audit Metadata