arch-webext-vue
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were detected in the skill's instructions or configuration files.
- [Indirect Prompt Injection] (LOW): As a browser extension template, the generated code includes content scripts that execute on third-party websites. This creates an inherent surface for indirect prompt injection if the extension or a connected AI agent processes untrusted data from these pages without further sanitization.
- Ingestion points: src/contentScripts/index.ts targets all_urls by default.
- Boundary markers: Absent (Standard web development templates do not typically include LLM-specific delimiters).
- Capability inventory: The extension uses webextension-polyfill for tab and storage access, and webext-bridge for messaging between background and UI scripts.
- Sanitization: Uses Vue 3's built-in template escaping for UI rendering.
Audit Metadata