performance-profiling
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script
scripts/lighthouse_audit.pyusessubprocess.runto execute the Lighthouse CLI. While it uses a list of arguments to prevent shell injection, the lack of validation for theurlparameter allows for argument injection (e.g., passing flags like--helpinstead of a URL). - [EXTERNAL_DOWNLOADS] (LOW): The skill requires the
lighthousenpm package to be installed globally. While this is a well-known tool, the skill's reliance on external, unmanaged dependencies is a minor security concern. - [PROMPT_INJECTION] (LOW): As the skill fetches and processes content from external URLs, it is susceptible to indirect prompt injection. If the target website contains malicious instructions in its metadata, an AI agent processing the resulting Lighthouse report might follow those instructions. Mandatory Evidence Chain: 1. Ingestion points:
scripts/lighthouse_audit.pyvia theurlargument. 2. Boundary markers: Absent; the Lighthouse output is returned as raw JSON data. 3. Capability inventory:subprocess.runinscripts/lighthouse_audit.pyand tools likeBashallowed inSKILL.md. 4. Sanitization: Absent; no URL validation or content filtering is performed.
Audit Metadata