performance-profiler
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of standard performance tools including clinic, memray, and @next/bundle-analyzer through official package registries.
- [COMMAND_EXECUTION]: Instructions include the execution of profiling and load-testing utilities. For specific scenarios like py-spy on macOS, the documentation correctly notes that elevated privileges (sudo) may be required for process attachment.
- [PROMPT_INJECTION]: The provided Python analysis scripts (benchmark_reporter.py, bottleneck_detector.py, and resource_analyzer.py) ingest external JSON data from files or stdin, representing an indirect prompt injection surface.
  - Ingestion points: All three scripts in the scripts/ directory parse JSON-formatted log and benchmark data.
  - Boundary markers: There are no explicit delimiters or boundary markers used during data ingestion or output generation.
  - Capability inventory: The analysis scripts are limited to mathematical computation, statistical analysis, and console reporting. They do not contain code for network operations, file writing, or shell command execution.
  - Sanitization: The scripts rely on the standard library json.loads() for parsing without additional verification of the data content.
Audit Metadata