optimizing-performance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains instructional content for performance tuning and does not attempt to override agent behavior or bypass safety guardrails.
- [Data Exposure & Exfiltration] (SAFE): There are no hardcoded credentials, access to sensitive file paths, or network operations to non-whitelisted domains. The use of 'lighthouse' for web performance is a standard diagnostic practice.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The profiling commands (node --prof, python -m cProfile) use built-in language features or well-known development tools. No external scripts are downloaded or executed.
- [Indirect Prompt Injection] (LOW): The skill provides templates for analyzing user-provided code and logs, which is a common but low-risk surface for indirect injection.
- Ingestion points: Application source code, performance logs, and SQL queries provided by the user for analysis.
- Boundary markers: Not explicitly defined in the provided templates.
- Capability inventory: Limited to running local profiling tools and suggesting code refactors.
- Sanitization: Not present in the documentation templates, as they are intended for manual or agent-assisted development tasks.
- [Persistence Mechanisms] (SAFE): No attempts to modify system startup files, cron jobs, or registry keys were found.
Audit Metadata