web-perf
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill recommends setup via
npx -y chrome-devtools-mcp@latest. Fetching unpinned external packages from public registries is a medium risk, reduced here to LOW as it is central to the skill's primary functionality of web auditing.\n- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection. The skill is designed to navigate to and analyze data from untrusted URLs vianavigate_pageandperformance_start_trace.\n - Ingestion points: Target website data and trace analysis results.\n
- Boundary markers: Absent; the agent is not instructed to ignore embedded instructions in the analyzed pages.\n
- Capability inventory: Browser automation, network monitoring, and DOM inspection via Chrome DevTools MCP.\n
- Sanitization: Absent.
Audit Metadata