browser-extension
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security checklist for internal or corporate extensions, instructing the agent to never hardcode URLs, tokens, or API keys and instead use browser storage or environment variables.
- [SAFE]: It provides detailed guidance on the principle of least privilege, categorizing permissions by risk level and encouraging the use of specific host permissions rather than broad wildcards like '<all_urls>'.
- [SAFE]: All identified command patterns (WXT CLI, npm, web-ext) are standard for modern web development, and remote operations target well-known, trusted browser extension stores (Chrome Web Store, Firefox AMO).
- [SAFE]: The project scaffolding instructions include a strict .gitignore template that prevents sensitive files such as .env, .pem, and .key files from being committed by accident.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in 'SKILL.md' (Phase 1: Interview), where user-provided data such as the project name and features are collected. This data is subsequently used in shell commands ('npx wxt@latest init ') and project scaffolding without explicit sanitization, and without boundary markers (delimiters) that would instruct the agent to ignore any commands embedded in that user input.