openwork-chrome-mcp-testing
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill involves a workflow where the agent captures and analyzes web UI snapshots and console logs via Chrome MCP. This creates a surface for indirect prompt injection, as malicious instructions embedded in the target web pages could potentially influence the agent's actions.
  - Ingestion points: Web snapshots and browser console logs captured in SKILL.md.
  - Boundary markers: Not present in the provided instructions.
  - Capability inventory: UI navigation, snapshot capture, and log retrieval through Chrome MCP.
  - Sanitization: No sanitization or escaping of external content is mentioned.
- [NO_CODE]: The skill files contain only markdown documentation and an example environment file, with no scripts, binaries, or other executable code provided directly.
Audit Metadata