chrome-ext-develop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides shell command templates in WORKFLOW.md and REFERENCE.md that use user-provided placeholders such as '[extension-name]'. If the AI agent executes these commands (e.g., mkdir [extension-name]) without sanitizing the user input, it could lead to arbitrary command injection.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user data which is later used to perform high-privilege shell operations.
  1. Ingestion points: Extension concept, requirements, and name gathered in WORKFLOW.md Phase 1 and Phase 4.
  2. Boundary markers: Absent; there are no instructions to the agent to distinguish between user data and instructions or to ignore embedded commands.
  3. Capability inventory: Command execution via mkdir, npm, zip, and convert (via ImageMagick).
  4. Sanitization: Absent; the skill does not provide any logic or instructions to escape or validate user-provided strings before they are utilized in shell environments.