lighthouse-ci-integrator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the '@lhci/cli' package from the NPM registry. It also incorporates various community GitHub Actions for automation, such as 'treosh/lighthouse-ci-action', '8398a7/action-slack', and 'dawidd6/action-send-mail'. These are standard tools for the described integration.
- [COMMAND_EXECUTION]: The skill includes a 'scripts/run-lighthouse.ts' script that uses the Bun shell wrapper to execute CLI commands. The command arguments are derived from internal logic (e.g., toggling between mobile and desktop configurations) and do not present a shell injection risk.
- [CREDENTIALS_UNSAFE]: The 'docker-compose.lhci.yml' file includes hardcoded default credentials ('POSTGRES_PASSWORD: postgres'). These are clearly intended for local development environments and are common in boilerplate examples.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface through the 'parse-lighthouse-results.js' example, which parses data from external Lighthouse reports. If an audited website contains malicious content in its metadata, it could be ingested by the agent during report processing.
  - Ingestion points: Reads '.lighthouseci/manifest.json' and audit JSON files.
  - Boundary markers: No delimiters or 'ignore' instructions are used in the report parsing logic.
  - Capability inventory: The skill uses tools for file system access ('Read', 'Write', 'Glob') and command execution ('Bash').
  - Sanitization: The skill does not perform validation or sanitization on the external report data before processing.
Audit Metadata