performance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is purely educational and instructional.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were found. URLs used in examples (e.g., example.com, googleapis.com) are standard and benign.
- [Obfuscation] (SAFE): No encoded strings, hidden characters, or homoglyphs were detected in the text or code snippets.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard industry tools and libraries such as
lighthouseandweb-vitals. The use ofnpx lighthouseis a standard practice for performance auditing and is consistent with the skill's primary purpose. - [Privilege Escalation] (SAFE): No commands for escalating privileges, such as
sudoor unauthorizedchmodoperations, are present. - [Persistence Mechanisms] (SAFE): No attempts to modify startup files, cron jobs, or system services were found.
- [Indirect Prompt Injection] (SAFE): The skill does not ingest untrusted external data at runtime that would expose the agent to indirect injection attacks. It functions as a static knowledge base.
- [Dynamic Execution] (SAFE): The skill provides code snippets for the user to implement but does not perform dynamic code generation or execution itself. No unsafe deserialization or runtime compilation patterns are present.
Audit Metadata