performance-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Employs the Bash tool to perform file system audits and execute optimization utilities. Commands used include ls, gzip, brotli, and stat for analyzing bundle sizes and compression ratios. It also executes performance auditing tools via the command line to generate metrics.
  • [EXTERNAL_DOWNLOADS]: References several well-known Node.js packages for CSS optimization and analysis including cssstats, cssnano, purgecss, and critical. It also utilizes Google's lighthouse utility for auditing performance of web pages.
  • [PROMPT_INJECTION]: Presents a surface for indirect prompt injection as it processes untrusted external CSS and HTML content.
      • Ingestion points: Processes CSS files (styles.css), HTML files (**/*.html), and performs live audits on external URLs.
      • Boundary markers: Lacks specific delimiters or guardrail instructions to isolate the content being analyzed from the agent's operational logic.
      • Capability inventory: Retains access to Read, Grep, Glob, and Bash tools, which could be leveraged if malicious instructions were successfully injected.
      • Sanitization: Does not apply explicit content sanitization or validation to the input files before they are read and analyzed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 07:44 AM