chrome-webstore-release-blueprint
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): The skill instructs the agent to request and handle sensitive OAuth credentials, including client secrets and refresh tokens, directly from the user. Although intended for setup, this places high-value secrets in the session context, creating an exposure risk.
- COMMAND_EXECUTION (LOW): The skill involves generating and executing local scripts that utilize the GitHub CLI (
gh) for secret management. This aligns with the skill's primary function but involves executing system-level commands that manage sensitive data. - DATA_EXFILTRATION (LOW): The skill performs network requests to non-whitelisted Google API domains (oauth2.googleapis.com, chromewebstore.googleapis.com) for token exchange and status checks. This constitutes a network exposure surface, though it is essential for the skill's functionality.
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface as it processes repository manifest files and user inputs. Mandatory Evidence Chain: 1. Ingestion points:
manifest.jsonand user-provided tokens. 2. Boundary markers: Absent. 3. Capability inventory:ghCLI commands and API requests. 4. Sanitization: Includes instructions to mask secrets in logs.
Audit Metadata