webext-core
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes communication channels between extension contexts and web pages, creating a potential surface for indirect prompt injection.
- Ingestion points: Messaging listeners and proxy services (onMessage, defineProxyService) specified in SKILL.md.
- Boundary markers: Code examples lack explicit delimiters to separate untrusted message data from instructions.
- Capability inventory: Demonstrated capabilities include performing network requests via fetch and accessing extension storage.
- Sanitization: The documentation does not illustrate validation or sanitization of incoming data payloads.
Audit Metadata