web-perf

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): Indirect prompt injection surface via external web content. The skill is designed to navigate to arbitrary URLs and process their DOM, accessibility tree, and network requests.
      • Ingestion points: navigate_page, take_snapshot, and performance_start_trace ingest untrusted content from the target URL.
      • Boundary markers: None. There are no instructions to the agent to ignore or delimit embedded natural language instructions found on the target site.
      • Capability inventory: The skill possesses the capability to execute system commands through npx (as suggested in the setup) and has high-level reasoning capabilities that influence codebase modifications.
      • Sanitization: None. The skill processes the raw output of DevTools insights and snapshots.
  • EXTERNAL_DOWNLOADS (LOW): Recommends installing chrome-devtools-mcp@latest via npx.
      • Trust Status: Downgraded to LOW per [TRUST-SCOPE-RULE] as it originates from vercel-labs, a trusted GitHub organization.
  • COMMAND_EXECUTION (LOW): Suggests the use of npx in the user's MCP configuration. While npx executes code, this is a standard configuration step for the required tool and is pointed at a trusted source.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:28 AM