kuroco-admin-api-browser

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the javascript_tool to generate and execute JavaScript snippets within the browser context. This functionality is intended for programmatic interaction with the Kuroco Admin API using the user's active session.
  • [EXTERNAL_DOWNLOADS]: The documentation provides links to the official Google Chrome Web Store for the installation of the necessary claude-in-chrome extension, which is a recognized and trusted source.
  • [PROMPT_INJECTION]: The skill processes content from external web pages and API responses, creating an attack surface for indirect prompt injection.
      • Ingestion points: Data is ingested via get_page_text from /llms.txt and through JSON responses from various Admin API endpoints.
      • Boundary markers: The prompt instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating external data into the agent's context.
      • Capability inventory: The agent has the capability to navigate URLs, read page accessibility trees, and execute arbitrary JavaScript within the browser.
      • Sanitization: The skill relies on security filtering logic within the claude-in-chrome MCP tool to block sensitive data and provides specific instructions for the agent to filter out personal information from its responses.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:47 AM