Skills
skills/ajianaz/skills-collection/performance-optimizer/Gen Agent Trust Hub

performance-optimizer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill analyzes local project source code, which serves as a vector for instructions embedded in data to influence the agent. \n
  • Ingestion points: Local .svelte and .ts files within the src/ directory scanned via rg. \n
  • Boundary markers: Absent; no delimiters or 'ignore' instructions are provided to the agent for the processed code content. \n
  • Capability inventory: Performs filesystem searches using rg and generates architectural or code rewrite suggestions. \n
  • Sanitization: No evidence of escaping or sanitizing the content of the analyzed files. \n- Metadata Poisoning (LOW): There is a technical mismatch between the skill's stated purpose for SvelteKit in SKILL.md and the reference content in references/patterns.md, which contains Next.js/React Server Components code. This deceptive metadata may lead to the agent providing incompatible or hallucinated code. \n- Command Execution (SAFE): The skill utilizes rg (ripgrep) to locate anti-patterns in the user's codebase. This is a standard, non-malicious operation intended for code auditing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 09:22 PM