perf-audit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of override markers, safety bypass attempts, or malicious role-play instructions was found in the skill or its references.
- [DATA_EXFILTRATION]: No hardcoded credentials or access to sensitive file paths (such as .env or SSH keys) were detected. The skill reads package.json and build metadata, which is consistent with its stated purpose.
- [COMMAND_EXECUTION]: The skill executes build and analysis commands (npm run build, npx). These are restricted to local project scripts and standard analysis tools.
- [EXTERNAL_DOWNLOADS]: The skill uses npx to execute vite-bundle-visualizer and webpack-bundle-analyzer. These are well-known, industry-standard packages from the NPM registry.
- [REMOTE_CODE_EXECUTION]: No patterns involving piping remote scripts to a shell or executing untrusted code from external URLs were found.
- [SAFE]: The skill follows its stated purpose without hidden behaviors or security risks.
Audit Metadata