chrome_perf_analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface identified.
  1. Ingestion: The skill processes user-uploaded Chrome trace JSON files via multiple tools (e.g., trace_summary, trace_filter).
  2. Boundary markers: No markers or 'ignore' instructions are present in the tool definitions to isolate data from instructions.
  3. Capability inventory: The skill is limited to reading and filtering trace data (no network or write permissions).
  4. Sanitization: No sanitization is mentioned for trace event fields like URLs or event names.

  While malicious data could attempt to influence the agent's summary or behavior, the lack of destructive capabilities limits the severity.
- NO_CODE (INFO): The skill package contains metadata and reference documentation only. No implementation scripts (Python or Node.js) were provided for analysis.
Audit Metadata