performance-profiler
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized behaviors were detected during analysis. The skill provides legitimate developer utilities for performance analysis.\n- [COMMAND_EXECUTION]: The skill provides documentation and recipes for common profiling CLI tools (e.g., py-spy, k6, clinic). These are industry-standard tools intended for manual execution by a user or agent; the skill does not include any automated or hidden command execution logic.\n- [PROMPT_INJECTION]: An evaluation of indirect prompt injection surfaces was conducted. The analysis script ingests untrusted project data (filenames and dependency manifests) but lacks any dangerous capabilities (such as network operations or code execution) that could be leveraged by such an injection.\n
- Ingestion points: Project file names and content from package.json, requirements.txt, and go.mod.\n
- Boundary markers: None present in the script output.\n
- Capability inventory: Read-only local file system access; no write, network, or execution capabilities.\n
- Sanitization: No sanitization is performed on ingested strings.
Audit Metadata