chrome-webstore-release-blueprint
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill instructions involve the creation and reading of sensitive local files (e.g., .env) and request that users paste credentials into the chat session. While these are necessary for the skill's primary purpose of setting up automation, they represent a potential data exposure surface. The risk is mitigated by explicit instructions to gitignore these files and mask secrets in logs.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest data from local project files (manifests) and user input to generate automation scripts and CI workflows. This creates a surface where malicious content in a repository's manifest could potentially influence the generated scripts.
- Ingestion points: manifest.json version strings and project configuration paths.
- Boundary markers: Absent; the skill does not specify delimiters for data extracted from project files.
- Capability inventory: File system read/write access and execution of the gh CLI for secret management.
- Sanitization: The skill advises masking secrets in logs but does not explicitly detail input validation for manifest-extracted data used in script generation.
- [Command Execution] (LOW): The skill utilizes the GitHub CLI (gh) to automate repository secret uploads. This is a legitimate use of a standard developer tool, and the skill requires manual confirmation and authentication checks before proceeding.