kernel-extensions
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The command
kernel extensions download-web-storefetches unpacked code directly from external URLs. This allows for the introduction of third-party executable logic into the user's environment without automated integrity checks. - REMOTE_CODE_EXECUTION (HIGH): Browser extensions are a form of executable code. When paired with
kernel browsers playwright execute, the skill enables the execution of arbitrary automation scripts against browser sessions containing potentially untrusted extensions. - PROMPT_INJECTION (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from external sources (Chrome Web Store) and possesses high-privilege capabilities (file writing via
upload, browser automation viaplaywright). There are no boundary markers or sanitization steps to verify the content of the extensions being processed. - COMMAND_EXECUTION (MEDIUM): The skill provides wrappers for several CLI operations (
upload,delete,list) that interact with the local filesystem and manage system-level browser resources.
Recommendations
- AI detected serious security threats
Audit Metadata