web-perf
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's operations are consistent with its stated purpose of performance auditing. It utilizes standard debugging protocols and tools.
- [EXTERNAL_DOWNLOADS]: The skill recommends the use of the
chrome-devtools-mcppackage from the public NPM registry. This is a well-known service, and the package is a standard requirement for the functionality provided. - [COMMAND_EXECUTION]: The instructions include a configuration command (
npx -y chrome-devtools-mcp@latest) intended for the user to set up their local environment. This command is presented transparently and requires user action. - [PROMPT_INJECTION]: The skill processes data from external websites via navigation and performance tools. This ingestion of untrusted data is necessary for web auditing and is handled in an analytical, read-only capacity.
- Ingestion points: Web page content, network headers, and accessibility trees accessed via
navigate_pageandperformance_start_tracein SKILL.md. - Boundary markers: None identified.
- Capability inventory: Browser navigation, performance metric extraction, network request inspection, and accessibility snapshotting.
- Sanitization: Not applicable as the skill performs diagnosis of performance metrics rather than executing or interpolating content into sensitive system commands.
Audit Metadata