perf-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, role-play attempts, or system prompt extraction patterns were detected in the skill content.
- [Data Exposure] (SAFE): The skill does not access sensitive local file paths or include hardcoded credentials. It only references generic performance logs and results.
- [Remote Code Execution] (SAFE): No external package installations or remote script downloads (e.g., curl | bash) are present.
- [Indirect Prompt Injection] (SAFE): Although the skill processes external performance data (ingestion points: Baseline data, Experiment results in SKILL.md), it lacks any script-based capabilities or tools that could be exploited by malicious payloads within that data.
- [Dynamic Execution] (SAFE): There are no scripts associated with this skill, precluding any risk of runtime code generation or unsafe deserialization.
Audit Metadata