webmcp
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a reference demo and documentation hosted on Google Chrome Labs' official domain (googlechromelabs.github.io). It also suggests the use of the 'Model Context Tool Inspector' Chrome Extension for testing and verification of tool registration.
- [SAFE]: The skill provides comprehensive instructional content and scaffolding for implementing the WebMCP standard. It adheres to secure development principles by instructing users to perform thorough validation of all agent-provided inputs within the execution logic and catch errors gracefully.
- [SAFE]: The skill facilitates the processing of data provided by AI agents through structured tool parameters.
  - Ingestion points: Inputs are received via imperative tool parameters in JavaScript (navigator.modelContext.registerTool) and declarative HTML form fields.
  - Boundary markers: The documentation promotes the use of JSON Schema to define expected inputs and recommends returning descriptive text to ensure the agent understands execution results.
  - Capability inventory: The tools created using this skill are designed to perform application-specific actions such as database queries, API calls, and DOM updates as seen in references/imperative-api.md.
  - Sanitization: All templates and workflows (workflows/add-imperative-tool.md, references/tool-design.md) explicitly mandate validating parameters in code to prevent processing malformed or malicious data.
- [SAFE]: No evidence of obfuscation, hardcoded credentials, persistence mechanisms, or privilege escalation attempts was found. The skill utilizes standard browser-native APIs.
Audit Metadata