core-web-vitals
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides templates for executing CLI tools like
lighthouseandsource-map-explorer. These are standard performance auditing tools used for their intended purpose. - [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes
npxto execute packages. Whilenpxdownloads code from the npm registry, the packages specified (lighthouse,@next/bundle-analyzer,source-map-explorer) are well-known, trusted, and standard in the web development ecosystem. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill handles untrusted data in the form of a target URL passed to Lighthouse. However, the capability is limited to diagnostic reporting (displaying metrics like LCP/CLS), and there are no instructions suggesting the agent should execute logic found within the scanned page's content.
Audit Metadata