build-chrome-extension
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides extensive documentation and code patterns for developing Chrome Extensions using Manifest V3. It covers modern frameworks like WXT and Plasmo, as well as core APIs for messaging, storage, and service workers.
- [SAFE]: It explicitly guides the AI agent and the user to follow security best practices, such as the principle of least privilege for permissions, avoiding global variables in service workers, and prohibiting the use of dangerous functions like
eval()in Manifest V3. - [SAFE]: All external tools and frameworks mentioned (e.g., WXT, Plasmo, CRXJS, Playwright, Vitest) are well-known, reputable tools within the web and browser extension development ecosystems.
- [SAFE]: No malicious patterns such as prompt injection, hardcoded credentials, data exfiltration, or obfuscation were detected across the skill's instructions or reference files.
- [SAFE]: While the skill involves project scaffolding via shell commands (e.g.,
npm create), it uses standard developer patterns that do not pose a direct security risk, although the agent should always ensure user-provided strings for project names are handled as literals.
Audit Metadata