gtm-performance-audit

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to "Proceed autonomously (no further permission prompts needed)" after the initial URL is provided. This is an attempt to override standard user-in-the-loop safety protocols and bypass confirmation for the remainder of the audit process.
  • [COMMAND_EXECUTION]: The skill uses the Chrome DevTools MCP to perform deep inspection of web pages, including navigating to arbitrary URLs and executing JavaScript within the browser context to analyze performance metrics and the dataLayer.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external websites (GTM container configurations, script tags, and dataLayer events).
      • Ingestion points: The skill reads external content from the website DOM and network requests using evaluate_script and list_network_requests.
      • Boundary markers: No delimiters or warnings are used to instruct the agent to ignore potentially malicious instructions embedded in the processed data.
      • Capability inventory: The agent has significant capabilities including browser navigation, script execution, and performance tracing.
      • Sanitization: There is no evidence of content sanitization or validation before the data is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 05:23 PM