skill-performance-profiler
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill analyzes untrusted conversation data gathered via the recent_chats tool.\n
- Ingestion points: /home/claude/conversations.json (populated by recent_chats tool output).\n
- Boundary markers: No explicit delimiters or instructions are used to separate untrusted content from the analysis logic within the JSON structure.\n
- Capability inventory: The skill is limited to local file reading/writing and report generation. It does not possess network access, arbitrary command execution, or evaluation capabilities.\n
- Sanitization: The Python scripts do not sanitize or escape the content of the conversations before processing them via regular expressions, which could allow a malicious actor to inject fake skill names into the metrics.\n- [Data Exposure & Exfiltration] (SAFE): No sensitive data is accessed beyond the intended conversation logs, and there are no network functions to exfiltrate information.\n- [Remote Code Execution] (SAFE): All scripts are local and perform static analysis without dynamic execution or external dependency fetching.
Audit Metadata