crxhub-cli
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to grant execution permissions and run an opaque pre-built binary (
scripts/crx) included with the skill.- [EXTERNAL_DOWNLOADS]: The CLI tool downloads browser extension assets from GitHub Releases based on user input or repository URLs.- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation of third-party executable code (browser extensions) into the user's environment, performing directory replacements and file updates in~/.crxhub-cli.- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via untrusted GitHub metadata. 1. Ingestion points: Release metadata from GitHub processed by the binary. 2. Boundary markers: No delimiters or ignore instructions are used when handling external data. 3. Capability inventory: Command execution and filesystem access are enabled. 4. Sanitization: Verification of external content is handled by the opaque binary with no visible sanitization in the prompt instructions.
Audit Metadata