perf
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs several external packages including `lighthouse` via npm and `google-generativeai` via pip. It also utilizes `npx` to dynamically fetch and execute tools such as `speedscope`, `clinic`, and `webpack-bundle-analyzer`. While these are standard tools from established registries, they represent external code dependencies.
- [DATA_EXFILTRATION] (LOW): Local source code (e.g., `src/*.ts`) and performance profile logs (`profile.txt`) are read and sent to an external service (Google Gemini API) for analysis. While this is the intended functionality, users should be aware that their code and system profile data are being transmitted to a third-party provider.
- [COMMAND_EXECUTION] (LOW): The skill executes various system and profiling commands, including `node --prof`, `lighthouse`, and `time`. It also runs user-provided scripts (e.g., `node script.js`) for benchmarking purposes.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8). It reads content from local files and interpolates them directly into prompts sent to the Gemini AI without sanitization or boundary markers.
  - Ingestion points: Reads from `slow-function.ts`, `profile.txt`, and `src/*.ts` using `cat`.
  - Boundary markers: Absent. The file content is directly embedded into the prompt string (e.g., `Analyze this code: $CODE`).
  - Capability inventory: The skill can execute shell commands (`npm`, `pip`, `npx`, `node`, `lighthouse`) and access the network via the `gemini` CLI.
  - Sanitization: No escaping or validation is performed on the file content before it is sent to the LLM.
- [CREDENTIALS_UNSAFE] (SAFE): The skill documentation includes a placeholder (`your_api_key`) for the required `GEMINI_API_KEY` rather than a hardcoded secret.