skills/johnlindquist/claude/perf/Gen Agent Trust Hub

perf

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs several external packages including lighthouse via npm and google-generativeai via pip. It also utilizes npx to dynamically fetch and execute tools such as speedscope, clinic, and webpack-bundle-analyzer. While these are standard tools from established registries, they represent external code dependencies.
  • [DATA_EXFILTRATION] (LOW): Local source code (e.g., src/*.ts) and performance profile logs (profile.txt) are read and sent to an external service (Google Gemini API) for analysis. While this is the intended functionality, users should be aware that their code and system profile data are being transmitted to a third-party provider.
  • [COMMAND_EXECUTION] (LOW): The skill executes various system and profiling commands, including node --prof, lighthouse, and time. It also runs user-provided scripts (e.g., node script.js) for benchmarking purposes.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8). It reads content from local files and interpolates it directly into prompts sent to the Gemini AI without sanitization or boundary markers.
      • Ingestion points: Reads from slow-function.ts, profile.txt, and src/*.ts using cat.
      • Boundary markers: Absent. The file content is directly embedded into the prompt string (e.g., Analyze this code: $CODE).
      • Capability inventory: The skill can execute shell commands (npm, pip, npx, node, lighthouse) and access the network via the gemini CLI.
      • Sanitization: No escaping or validation is performed on the file content before it is sent to the LLM.
  • [CREDENTIALS_UNSAFE] (SAFE): The skill documentation includes a placeholder (your_api_key) for the required GEMINI_API_KEY rather than a hardcoded secret.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:02 PM