skill-performance-profiler
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes untrusted conversation logs to generate metrics. 1. Ingestion points: Conversation data is gathered via 'recent_chats' and stored in '/home/claude/conversations.json'. 2. Boundary markers: None; the JSON contains raw text content. 3. Capability inventory: File writing (Markdown/CSV) and local Python script execution. 4. Sanitization: No sanitization is applied to the content before regex extraction. While an attacker could pollute metrics by including specific phrases in past chats, this risk is inherent to the skill's primary purpose and does not lead to high-severity consequences.
- Data Exposure & Exfiltration (SAFE): The skill accesses conversation history ('recent_chats'), which is required for its function. All data remains local, and no network operations were detected.
- Command Execution (SAFE): The skill executes its own Python scripts to perform analysis. These operations use standard libraries and do not involve high-risk shell injection surfaces.
Audit Metadata