web-perf
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from external websites.
- Ingestion points: Data enters the system via the navigate_page tool when auditing external URLs.
- Boundary markers: Absent; the instructions do not include delimiters or warnings to ignore commands embedded in the audited pages.
- Capability inventory: The skill can navigate to pages and perform performance traces.
- Sanitization: None; external data is processed as-is.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the chrome-devtools-mcp package using npx to enable the required MCP functionality.
Audit Metadata