performance-profiling
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/lighthouse_audit.py` executes the `lighthouse` CLI tool using the `subprocess.run` method. It passes arguments as a list with the shell parameter disabled (the default in this context), which prevents shell injection by ensuring the URL input is treated strictly as an argument.
- [EXTERNAL_DOWNLOADS]: The skill references the `lighthouse` CLI as an external dependency. It recommends manual installation from the official NPM registry, which is a well-known and trusted package repository. No automated or unverified downloads occur at runtime.
Audit Metadata