python-profiling
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to execute various system commands for benchmarking and profiling using the `uv` and `pytest` tools.
- [COMMAND_EXECUTION]: The documentation explicitly states that the `py-spy` tool may require `sudo` privileges to function correctly on some systems (for ptrace permissions), which presents a privilege escalation risk.
- [EXTERNAL_DOWNLOADS]: The skill suggests the installation of third-party Python profiling packages from the Python Package Index, including `line-profiler`, `py-spy`, `memray`, `scalene`, and `snakeviz`.
- [PROMPT_INJECTION]: The skill's workflow involves reading and analyzing local project files (e.g., `pyproject.toml`, source code), which creates a vector for indirect prompt injection.
  - Ingestion points: Local project metadata files and source code.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: Extensive command execution, package installation, and potential usage of elevated privileges (`sudo`).
  - Sanitization: No sanitization of the content of the analyzed files is described before use.
Audit Metadata