web-performance-audit
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill ingests untrusted data from external websites and local project configurations, which could contain malicious instructions designed to manipulate the agent's behavior.
- Ingestion points: The skill reads external page content via
navigate_page, analyzes performance traces viaperformance_analyze_insight, and inspects local files likepackage.jsonandwebpack.config.jsin Phase 5. - Boundary markers: There are no delimiters or explicit instructions to treat the ingested data as untrusted, increasing the risk that the agent will follow instructions embedded in the target sites or files.
- Capability inventory: The skill has the ability to navigate to arbitrary URLs, perform network analysis, and read sensitive local build configurations.
- Sanitization: No sanitization or filtering of external input is specified.
- [External Downloads] (MEDIUM): The documentation instructs the user to install a third-party package (
chrome-devtools-mcp) usingnpx. This package is not hosted in a predefined trusted repository or organization, posing a supply chain risk.
Audit Metadata