browser-extension-builder
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard architectural templates and best practices for browser extension development using official Chrome APIs.
- [PROMPT_INJECTION]: The skill includes patterns for content scripts that read data from web pages. While this is a standard ingestion point for extensions, it is documented neutrally as part of the core functionality.
- Ingestion points: The
content.jstemplate reads data from host pages using DOM selectors. - Boundary markers: Not applicable as this is a code template for third-party development.
- Capability inventory: The templates use standard extension APIs like
chrome.storageandchrome.runtime.onMessage. - Sanitization: Not applicable to the provided boilerplate snippets.
- [DATA_EXFILTRATION]: Placeholder network request examples are provided for monetization logic. These follow standard development patterns for premium feature verification and do not involve unauthorized or sensitive data transfer.
Audit Metadata