performance-profiling
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the
Bashtool and provides a template for executing a local Python script (scripts/lighthouse_audit.py). The use ofBashis a high-privilege capability that should be restricted to specific, verified commands. - [PROMPT_INJECTION] (MEDIUM): Category 8: Indirect Prompt Injection. The skill is vulnerable to instructions embedded in external data.
- Ingestion points: The script
lighthouse_audit.pyaccepts a URL as an input, which the agent then processes to perform an audit (SKILL.md). - Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the data returned from the audited URL.
- Capability inventory: The agent has access to
Bash,Read,Glob, andGreptools, allowing it to perform file system operations and execute commands based on potentially poisoned input. - Sanitization: No sanitization or validation of the content retrieved from the external URL is mentioned or enforced.
Audit Metadata