performance-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because its primary function is to analyze external data.
- Ingestion points: The skill instructs the agent to use tools like
grep_searchandfind_codeto process content from untrusted source code files (*.py, *.js, *.go). - Boundary markers: No delimiters or explicit instructions to ignore embedded prompts are provided to isolate the analyzed data from the agent's logic.
- Capability inventory: The skill utilizes file searching and code mapping capabilities to inspect external content.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested code content before processing.
- [NO_CODE]: The skill is documentation-based and does not contain any executable scripts, binaries, or automated tasks.
Audit Metadata