The Agent Skills Directory

[COMMAND_EXECUTION]: The profiling scripts (profile_python.py, profile_java.py, profile_cpp.py) execute local code and system commands to perform performance analysis.
Evidence: profile_python.py uses exec() to run the target Python script within the current process.
Evidence: profile_java.py and profile_cpp.py use subprocess.run() to execute Java classes, C/C++ binaries, and system tools such as perf and gprof to gather performance metrics.
[PROMPT_INJECTION]: The generate_visualization.py script is vulnerable to indirect prompt injection (XSS) in the generated HTML report.
Ingestion points: The script reads profiling data from profile_results.json, which contains function names, file paths, and issue descriptions extracted from user-provided code.
Boundary markers: None are used in the HTML template to delimit or ignore untrusted content.
Capability inventory: The skill possesses command execution and file system access capabilities.
Sanitization: The script uses f-strings to build the HTML report by interpolating strings directly into the template without any escaping or validation.

interval-profiling-performance-analyzer