Gen Agent Trust Hub
inference-latency-profiler (skills/jeremylongshore/claude-code-plugins-plus-skills/inference-latency-profiler)
Audit result: Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill presents a high-risk attack surface for indirect prompt injection.
  - Ingestion points: The skill profiles machine learning deployments, which requires it to process external data such as logs, metrics, and configurations that may be attacker-controlled.
  - Boundary markers: There are no delimiters or instructions that let the agent distinguish its system prompt from untrusted external data.
  - Capability inventory: The skill requests the 'Bash', 'Write', and 'Edit' tools, which give an injected payload a high-impact execution environment.
  - Sanitization: The manifest shows no evidence of input validation, escaping, or sanitization.
- COMMAND_EXECUTION (HIGH): By requesting the 'Bash' tool, the skill gains the ability to execute arbitrary commands on the host system. Without strict logic or constraints, this capability can be abused to compromise the environment.
- NO_CODE (INFO): The skill consists only of a metadata manifest (SKILL.md) and ships no accompanying logic, scripts, or implementation, so its behavior depends entirely on the agent's interpretation of high-privilege tools.
Recommendations
- The automated analysis detected serious security threats; see the Full Analysis above.