extension-toolchain
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references reputable development tools and libraries available on npm (e.g., WXT, Plasmo, CRXJS, zustand). These are standard in the web development ecosystem.
- COMMAND_EXECUTION (SAFE): Provides standard initialization and build scripts common in JavaScript development. No suspicious or obfuscated commands are present.
- PROMPT_INJECTION (SAFE): Analysis of the instructions shows no attempts to bypass safety filters or override agent constraints. The content is strictly focused on the technical task of extension development.
- DATA_EXFILTRATION (SAFE): No evidence of credential harvesting or unauthorized network communication. Examples use placeholder URLs and follow standard extension permissions models.
- SECURITY BEST PRACTICES: The skill proactively includes guidance on Content Security Policy (CSP), message validation, and preventing XSS, demonstrating a security-conscious design.
Audit Metadata