performance
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection because it is designed to read and 'triage' external codebases and database queries while holding powerful permissions.
  - Ingestion points: Processes database queries, API endpoints, and frontend source files via the Read, Grep, and Glob tools.
  - Boundary markers: None. The skill does not use delimiters to wrap the code it analyzes.
  - Capability inventory: Granted the Bash, Write, Edit, and Task tools, allowing system-level changes based on analyzed content.
  - Sanitization: No sanitization logic is present to prevent instructions embedded in analyzed code from being followed by the agent.
- External Downloads (LOW): The documentation in 'references/performance-patterns.md' suggests using 'npx webpack-bundle-analyzer'. This downloads and executes code from the npm registry at runtime. While npm is a standard source, it remains a notable external dependency.
- Command Execution (MEDIUM): The skill is explicitly permitted to use Bash and Task tools in the SKILL.md frontmatter, which enables arbitrary command execution on the host system.
- Prompt Injection (LOW): The SKILL.md file includes an 'IMPORTANT Task Planning Notes' section. While these are operational instructions for the agent, they represent the use of imperative 'override' style language to dictate task flow.
Recommendations
- AI detected serious security threats