deep-debug
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters the agent context through
mcp__claude-in-chrome__read_network_requests,mcp__claude-in-chrome__read_console_messages, andmcp__claude-in-chrome__read_page(defined inrules/chrome-evidence-tools.md). - Boundary markers: Absent. The prompts in
templates/parallel-agent-prompts.mdinterpolate evidence directly without delimiters or instructions to ignore embedded commands. - Capability inventory: The skill can spawn sub-agents (
debugger,code-reviewer,Explore) and execute arbitrary JavaScript in the browser context viajavascript_tool. - Sanitization: None detected. Data read from the browser is passed raw to sub-agents.
- DATA_EXFILTRATION (LOW): The skill encourages gathering evidence that often contains sensitive information, such as Authorization headers in network requests or API keys in console logs. While no malicious exfiltration to third-party domains is programmed, the standard usage involves passing this sensitive data into the LLM context and sub-agent prompts.
Audit Metadata