a0-browser-ext
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a structured and secure framework for creating and installing browser extensions. It explicitly mandates that the agent uses a 'Safety First' approach, which includes stating requested behaviors clearly, limiting host permissions, and avoiding remote code execution or credential collection.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it is designed to ingest and summarize data from external Chrome extensions.
- Ingestion points: The agent parses
manifest.jsonfiles and extension content from the Chrome Web Store (SKILL.md). - Boundary markers: No specific delimiters are defined to separate untrusted extension data from the agent's internal reasoning during the inspection phase.
- Capability inventory: The skill is capable of writing files to the local filesystem (under
/a0/usr/browser-extensions/), extracting ZIP archives, and restarting browser runtimes using Playwright (SKILL.md). - Sanitization: The skill relies on manual inspection and auditing of permissions and source code by the agent and user to identify and reject suspicious capabilities before installation.
Audit Metadata