perf-profiler
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill is designed to run arbitrary system commands provided via the '$ARGUMENTS' variable. There is no validation or allow-listing of permitted tools or parameters.
- PRIVILEGE_ESCALATION (MEDIUM): The stated purpose (profiling hot paths with 'perf' or 'JFR') typically runs with elevated privileges. On Linux, 'perf' needs CAP_PERFMON (CAP_SYS_ADMIN on kernels before 5.8) or root unless kernel.perf_event_paranoid has been lowered to permit unprivileged use, so operators commonly run it under sudo; JFR records from inside the JVM and only needs to attach as the same user as the target process. If the agent holds such privileges, the unvalidated command string lets it execute any command as that privileged user.
- INDIRECT_PROMPT_INJECTION (LOW): The skill provides no evidence chain showing that untrusted input is handled safely:
  - Ingestion points: untrusted data enters through the '[tool] [command]' arguments parsed in the skill's javascript block.
  - Boundary markers: absent; the arguments are split on whitespace and re-joined with no delimiters and no instructions marking them as untrusted.
  - Capability inventory: the skill invokes system-level profiling tools that can read process memory and CPU state.
  - Sanitization: none; the command string is neither escaped nor validated before it reaches the execution environment.
Recommendations
- AI detected serious security threats