The Agent Skills Directory

[Prompt Injection] (SAFE): No attempts to override agent behavior, bypass safety filters, or extract system prompts were detected.
[Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local file paths or hardcode credentials. It references legitimate performance monitoring tools like Datadog and New Relic as examples.
[Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were identified in the text or code snippets.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): The file contains no package installation commands (npm/pip) or patterns for remote script execution (curl|bash).
[Dynamic Execution] (SAFE): Python and JavaScript snippets are illustrative templates and do not use unsafe functions like eval(), exec(), or dynamic path loading.
[Indirect Prompt Injection] (LOW): While the logic accepts a URL for performance auditing, which represents a potential ingestion point for untrusted data, the skill lacks the implementation details that would allow for actual exploitation, such as fetching and parsing arbitrary page content for instruction processing.

web-performance-audit