chrome-web-store-submission
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data by reading the extension's source code files (e.g., package.json, background.ts) to generate submission materials, creating a surface for indirect prompt injection.
- Ingestion points: Project files including package.json, wxt.config.ts, and entrypoint scripts specified in SKILL.md.
- Boundary markers: The instructions do not mandate the use of delimiters or specific commands to ignore embedded instructions within analyzed code.
- Capability inventory: The skill is restricted to file reading and text generation; it lacks network access, file-writing permissions, or subprocess execution capabilities across all files.
- Sanitization: No sanitization or validation of the code content is performed before processing.
Audit Metadata