performance-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes standard performance analysis tools such as perf. The command perf record -F 99 -a -g -- sleep 30 is a standard way to collect system-wide CPU samples and is consistent with the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS] (SAFE): While the skill references external tools (K6, Gatling, Locust) and scripts (stackcollapse-perf.pl, flamegraph.pl), it does not contain any automated download or installation commands (e.g., curl | bash or npm install). It assumes these tools are already present in the environment.
  • [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts.
  • [DATA_EXFILTRATION] (SAFE): No patterns indicating the unauthorized collection or transmission of sensitive data were detected. Network-related tools mentioned (tcpdump, Wireshark) are listed as diagnostic strategies rather than executable malicious commands.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes performance data and profiling outputs (e.g., out.perf). While this represents a surface for indirect prompt injection if an attacker can manipulate system profiles, it is a standard risk for performance analysis tools and the skill does not exhibit exploitable capabilities like file-writing or network exfiltration based on that data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:22 PM