skills/jeremylongshore/claude-code-plugins-plus-skills/performance-baseline-creator/Gen Agent Trust Hub
performance-baseline-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill identifies a significant attack surface by ingesting external 'patterns' and 'requests' without defined boundary markers or sanitization instructions. Given the skill's capability to use the 'Bash' and 'Write' tools, an attacker could embed malicious commands within performance testing 'best practices' that the agent then executes. Evidence: Ingestion at request triggers (SKILL.md); no boundary markers present; capability inventory includes Bash, Write, and Edit tools; sanitization is absent.
- Command Execution (MEDIUM): The skill requests 'Bash' tool access. While stated for performance tasks, this provides the agent with the ability to execute arbitrary shell commands, which poses a risk if the system prompt is bypassed or manipulated via the identified injection surface.
- Privilege Inventory (INFO): The skill requests Write and Edit permissions, which allow the agent to modify the local filesystem based on potentially untrusted external patterns.
Recommendations
- AI detected serious security threats
Audit Metadata