Skills
skills/chromedevtools/chrome-devtools-mcp/debug-optimize-lcp/Gen Agent Trust Hub

debug-optimize-lcp

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes browser tools to interact with web pages and capture traces.
  • Evidence: SKILL.md references the use of navigate_page, performance_start_trace, and performance_analyze_insight for performance data collection.
  • [REMOTE_CODE_EXECUTION]: Local JavaScript snippets are executed on target pages to extract performance metrics.
  • Evidence: references/lcp-snippets.md contains benign code for LCP element identification and DOM auditing, used via the evaluate_script tool.
  • [PROMPT_INJECTION]: The skill analyses external web page content, which represents a surface for indirect prompt injection.
    1. Ingestion points: navigate_page and performance_start_trace load external URLs into the context.
    1. Boundary markers: No specific delimiters are identified in the provided instructions to isolate external content.
    1. Capability inventory: The agent can evaluate scripts (evaluate_script) and inspect network requests on the loaded pages.
    1. Sanitization: Content from analyzed pages is not filtered or sanitized before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 24, 2026, 08:47 AM