analyzing-system-throughput
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external system metrics and directory contents, which presents a surface for indirect prompt injection.
  - Ingestion points: The skill is designed to read metrics from `${CLAUDE_SKILL_DIR}/metrics/throughput/` and iterate through user-provided directory paths.
  - Boundary markers: No delimiters or instructions to ignore instructions within ingested data are present in the skill instructions or scripts.
  - Capability inventory: The skill has access to `Read`, `Write`, `Grep`, and `Bash` tools.
  - Sanitization: There is no evidence of data sanitization or validation in the provided analysis scripts.
- [SAFE]: Documentation and implementation discrepancies were identified but do not pose a security risk.
  - The file `scripts/identify_bottlenecks.sh` contains Python code despite its shell extension.
  - The script's actual behavior (file iteration and size checking) does not match its description of using tools like `top` or `iostat`, indicating it is likely a placeholder.
Audit Metadata