web-performance-audit
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to configure the agent with
npx -y chrome-devtools-mcp@latest. This downloads a package from the public npm registry. Since the package/organization is not on the 'Trusted External Sources' list, this introduces a supply-chain risk. - REMOTE_CODE_EXECUTION (MEDIUM): The use of
npxwith the@latestversion tag ensures that the most recent version of the external package is executed. This lack of version pinning means any malicious update to the package will be immediately executed on the user's machine. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it is designed to ingest and analyze untrusted content from the web.
- Ingestion points:
navigate_page,list_network_requests, andtake_snapshotall pull data from external, potentially attacker-controlled websites into the agent's context. - Boundary markers: The skill does not provide any delimiters or instructions to the agent to ignore or treat content from the audited pages as untrusted.
- Capability inventory: The skill can perform network analysis and capture accessibility snapshots, providing a surface for an attacker to influence the agent's audit findings or subsequent behavior.
- Sanitization: There is no evidence of sanitization or filtering applied to the data retrieved from the web before it is analyzed by the agent.
Audit Metadata