webperf-media
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The scripts
Image-Element-Audit.jsandSVG-Embedded-Bitmap-Analysis.jsuse thefetchAPI to retrieve image and SVG content from audited pages. This is a legitimate function for identifying file formats and embedded bitmaps.\n- [PROMPT_INJECTION]: The skill ingests data from external websites, such as image metadata and SVG source code. This creates an attack surface for indirect prompt injection, where malicious instructions hidden in page content could influence the agent's behavior.\n - Ingestion points: DOM attributes (alt, src, loading) and SVG text content.\n
- Boundary markers: None.\n
- Capability inventory: Script execution via Chrome DevTools MCP.\n
- Sanitization: Returns structured data objects.
Audit Metadata