performance-profiler
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to analyze external source code which constitutes untrusted input (Category 8).
- Ingestion points: Source code files provided by the user via command-line arguments (e.g.,
src/,UserList.jsx). - Boundary markers: Absent. The instructions do not explicitly tell the agent to ignore natural language instructions that might be embedded in code comments or string literals within the analyzed files.
- Capability inventory: Limited to analysis and report generation. The skill does not define capabilities for writing to the filesystem, executing commands, or making network requests.
- Sanitization: No sanitization or filtering of the input code is specified before processing.
Audit Metadata