candid-chrome-qa
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands like curl using variables that may contain user-supplied URLs without explicitly requiring sanitization or escaping. It also generates and executes dynamic JavaScript snippets in the browser using the javascript_tool, which involves string concatenation of DOM properties like element IDs, creating a risk of injection from malicious web pages.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by ingesting and processing untrusted telemetry data from external web sites. Ingestion points: read_page, read_console_messages, and read_network_requests; Boundary markers: None identified in the instructions; Capability inventory: File system access (mkdir, write) and browser-based JavaScript execution; Sanitization: No sanitization or validation of the telemetry data is described.
- [EXTERNAL_DOWNLOADS]: The skill refers the user to the official Anthropics GitHub repository to install necessary MCP tools for the QA environment.
Audit Metadata