build-chrome-extension
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for Chrome extension development, specifically emphasizing Manifest V3 requirements such as avoiding remote code execution and using least-privilege permissions.
- [COMMAND_EXECUTION]: The skill includes helper scripts (scripts/check-mv3-manifest.sh and scripts/preflight-extension.sh) designed to be executed by the agent to validate the extension's build output. These scripts are self-contained Node.js applications that perform deterministic checks on local files without network access.
- [DATA_EXPOSURE]: The skill documentation correctly guides users to use chrome.storage.session for ephemeral data and warns against storing sensitive information in unencrypted formats, aligned with standard extension development security.
Audit Metadata