performance-monitor-analyst

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external JSON and JSONL files through the input argument, parsing their content and incorporating fields like the skill name directly into the output report. This creates a surface for indirect prompt injection, where an attacker could place malicious instructions inside a metrics file to influence the agent when it reads the report.
      • Ingestion points: The input CLI argument in src/index.ts defines the file paths read via fs.readFileSync and fs.readdirSync.
      • Boundary markers: The generated report does not use specific delimiters or instructions to the AI to ignore content within the metrics data.
      • Capability inventory: The skill can read any file the process has access to (fs.readFileSync) and can write files to arbitrary paths via the out argument (safeWriteFile).
      • Sanitization: The skill performs no validation or sanitization on the strings extracted from JSON/JSONL metrics before including them in the final report.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 10:47 PM