performance-engineering

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Multiple SQL Injection vulnerabilities in examples/optimization/api_optimization.ts. User-controlled variables (cursor, ids, fields, and id) are directly interpolated into SQL strings without any sanitization or use of parameterized queries, allowing for arbitrary database command execution.
  • [DATA_EXFILTRATION] (HIGH): The field selection implementation in api_optimization.ts allows a user to specify arbitrary database columns through the fields query parameter, which can be exploited to exfiltrate sensitive data from the users table.
  • [CREDENTIALS_UNSAFE] (LOW): Hardcoded credentials (testuser / testpass) are present in examples/locust/load_test.py for authentication simulation.
  • [COMMAND_EXECUTION] (MEDIUM): The examples/profiling/python/pyspy_example.sh script utilizes py-spy, a tool that requires elevated system privileges (e.g., ptrace capabilities or root access) to profile external processes, posing a potential privilege escalation risk if misused.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:16 AM