Skills
skills/automindtechnologie-jpg/ultimate-skill.md/performance-profiling/Gen Agent Trust Hub

performance-profiling

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script scripts/lighthouse_audit.py executes the lighthouse CLI using subprocess.run. While the use of an argument list prevents standard shell injection, the lack of input validation on the URL allows for potential argument injection if the input starts with a hyphen.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references the lighthouse CLI as a dependency, which is a trusted tool maintained by Google.
  • [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection as it ingests content from external websites via the audit tool. \n
  • Ingestion points: The url parameter in scripts/lighthouse_audit.py targets external data. \n
  • Boundary markers: Absent; findings are returned as structured JSON without specific instructions to ignore embedded content. \n
  • Capability inventory: Includes subprocess.run calls and the Bash tool allowed in the skill metadata. \n
  • Sanitization: No sanitization of input URLs or the resulting tool output is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:47 PM