chrome-history

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • DATA_EXFILTRATION (HIGH): The skill reads the Chrome History SQLite and LevelDB databases (~/Library/Application Support/Google/Chrome/Default/History), exposing the user's complete browsing history, which may include sensitive URLs and session data.
  • EXTERNAL_DOWNLOADS (HIGH): The instructions direct users to install code from an untrusted GitHub repository (cclgroupltd/ccl_chromium_reader) using pip. This source is not verified and presents a significant supply chain risk.
  • REMOTE_CODE_EXECUTION (HIGH): The skill executes Python code and external libraries from unverified sources, providing a path for malicious code to run on the local system.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection from attacker-controlled website titles found in the history data.
      • Ingestion points: Page titles and URLs from the Chrome history databases.
      • Boundary markers: None; external data is not delimited or identified as untrusted.
      • Capability inventory: Python script execution and broad file system access.
      • Sanitization: No sanitization of the retrieved history data is performed before it is processed by the agent.
  • DATA_EXFILTRATION (LOW): The skill contains a hardcoded local file path likely specific to the author's environment (/Users/glebkalinin/Brains/brain), which is a metadata leak.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:11 PM