web-performance
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests external data. Evidence Chain: 1. Ingestion points: External URLs provided for Lighthouse audits (SKILL.md); 2. Boundary markers: None; 3. Capability inventory: Execution of performance audits and build tool configuration; 4. Sanitization: No sanitization of URL input or report output is documented. This is an inherent property of the tool use-case.
- [EXTERNAL_DOWNLOADS]: The skill refers to well-known and trusted services including Cloudflare and standard JavaScript build dependencies such as terser-webpack-plugin.
Audit Metadata