skills/jeremylongshore/claude-code-plugins-plus-skills/providing-performance-optimization-advice/Gen Agent Trust Hub
providing-performance-optimization-advice
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill metadata explicitly allows the use of shell commands through
Bash(profiling:*)andBash(analysis:*). This is intended for running the bundled profiling scripts (performance_profiler.py,optimization_suggestions.py,impact_estimator.py) on the target codebase to identify bottlenecks. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data.
- Ingestion points: The skill reads the application codebase, infrastructure configuration files, and performance metrics from the
${CLAUDE_SKILL_DIR}/directory. - Boundary markers: There are no instructions defining explicit boundary markers or delimiters to differentiate between legitimate code/data and potential embedded instructions in the files being analyzed.
- Capability inventory: The skill has access to
Bash,Write,Edit,Grep, andGlobtools, which could be leveraged if an injection attack successfully influences the agent's behavior during analysis. - Sanitization: The instructions do not specify any sanitization, validation, or filtering of the content read from the project files before processing.
Audit Metadata