webmcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a developer guide and scaffolding tool for WebMCP development.
- [PROMPT_INJECTION]: The skill addresses indirect prompt injection surfaces where tools ingest untrusted web data.
  - Ingestion points: Fetch results from external APIs and user-submitted forms (reference/security.md).
  - Boundary markers: Recommends the use of [USER CONTENT START] and [USER CONTENT END] delimiters.
  - Capability inventory: Tools can perform network requests and manipulate page elements.
  - Sanitization: Recommends text truncation and structured response schemas.
- [EXTERNAL_DOWNLOADS]: Mentions the official GoogleChromeLabs repository for testing, which is a well-known trusted source.