chrome-extension-architect
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses piped remote script execution for installation and updates.
- Evidence found in
README.md,commands/opencode/chrome-extension-architect.md, andcommands/droid/chrome-extension-architect.mdusing the patternbash <(curl ...)orcurl | bash. - These scripts are fetched from the vendor's official GitHub organization (
Alcyone-Labs) and represent normal deployment functionality. - [EXTERNAL_DOWNLOADS]: Downloads shell scripts from external repositories to facilitate setup and maintenance.
- Targeted URLs include
raw.githubusercontent.com/Alcyone-Labs/chrome-extension-agent-skillandraw.githubusercontent.com/Alcyone-Labs/agent-skills. - [COMMAND_EXECUTION]: Executes local shell commands to manage the skill lifecycle.
- Uses bash process substitution and piped input to run scripts.
- Logic in command files triggers these actions based on specific flags in the user's request.
- [PROMPT_INJECTION]: The skill command definitions create an attack surface where untrusted user data can trigger privileged execution.
- Ingestion points: The skill processes
$ARGUMENTSin the command files for Droid and OpenCode. - Boundary markers: Absent; there are no delimiters separating user input from the update logic.
- Capability inventory: The skill has the capability to execute remote scripts via
curlandbash. - Sanitization: No input sanitization is performed on the arguments before checking for the
--update-skillflag.
Audit Metadata