performance-profiling
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted external data (URLs) and possesses high-privilege execution capabilities (Bash), creating a high-risk indirect injection surface. Evidence Chain: 1. Ingestion points: The python script scripts/lighthouse_audit.py accepts a user-provided URL as a command-line argument. 2. Boundary markers: None are defined in the instructions to prevent the agent from obeying instructions found in site content. 3. Capability inventory: Access to Bash, Read, Glob, and Grep tools provides a broad attack surface. 4. Sanitization: Unverifiable because the script content is missing from the provided source.
- [Unverifiable Dependencies] (MEDIUM): The skill documentation references a local script file (scripts/lighthouse_audit.py) that is not included in the skill package, preventing a thorough security audit of its internal logic and safety.
Recommendations
- AI detected serious security threats
Audit Metadata