The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The file references/measurement-guide.md contains the command sudo apt-get install k6. This is a privilege escalation finding that is adjusted from HIGH to MEDIUM as it is a standard installation method for the load-testing tool required for the skill's purpose.
[EXTERNAL_DOWNLOADS] (LOW): The skill documentation suggests installing external software via brew and apt-get, and using docker run to pull the grafana/k6 image. These are standard external dependencies for the described performance tasks.
[COMMAND_EXECUTION] (LOW): The guides include various shell commands for code analysis (grep) and performance monitoring (curl, bc). It also provides SQL ALTER TABLE snippets for indexing.
[PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface as it ingests performance data and provides powerful tools to interact with the environment. Evidence: 1. Ingestion points: Target URLs (e.g., staging.example.com) and local codebase via grep. 2. Boundary markers: None present. 3. Capability inventory: Shell execution (grep, k6, curl, docker), database modification (ALTER TABLE), and PHP code generation. 4. Sanitization: None present; the guides provide direct command templates.

wp-performance-review