convert-web-pages-to-browser-extensions
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a structured workflow for migrating web frontend code (React, Vue, Svelte, etc.) to browser extension entries such as popups, side panels, and options pages.
- [SAFE]: Explicitly instructs the agent to adhere to security best practices, such as avoiding eval() and inline scripts that violate Content Security Policy (CSP).
- [SAFE]: Recommends the use of least-privilege permissions and the sanitization of user-generated content before rendering.
- [SAFE]: Provides clear guidelines for identifying and replacing Node-only libraries that are incompatible with browser extension runtimes, preventing runtime failures.
- [PROMPT_INJECTION]: The skill processes user-provided source code as input, which constitutes an indirect prompt injection surface. This is mitigated by proactive safety measures such as code sanitization and context separation. Evidence: Ingestion points include user-provided source pages (SKILL.md); Capability inventory includes file writes to app/ and manifest modification; Sanitization is explicitly recommended in reference.md.
Audit Metadata