perf-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to ingest and process untrusted external data such as 'Baseline data', 'Experiment results', and 'Profiling evidence'.
- Ingestion points: Data enters the agent context through the inputs listed in the skill body.
- Boundary markers: The instructions do not specify any delimiters (e.g., XML tags or triple quotes) to separate user data from instructions.
- Capability inventory: No dangerous capabilities (subprocess calls, file writes, or network operations) were detected in the provided code.
- Sanitization: There is no logic provided to sanitize or validate the external content before it is processed by the agent.
Audit Metadata