perf-audit

The perf-audit skill presents a coherent, self-contained developer tooling workflow for auditing bundle size and performance. Its actions are scoped to local project data and well-known analysis tools, with no evident credential handling, remote data exfiltration, or automated dependency changes. The security footprint is low and proportional to its purpose. Some minor supply-chain considerations exist due to on-demand npx tool invocation, but this is standard practice for developer tooling and can be mitigated by pinning tool versions or using package.json scripts. Overall, the skill is BENIGN with LOW to MEDIUM security risk depending on environment trust in npx tool resolution.