ln-653-runtime-performance-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches mandatory reference documents and audit contracts from the author's repository at raw.githubusercontent.com/levnikolaevich/claude-code-skills/.
  • [COMMAND_EXECUTION]: Uses Bash and Grep tools to execute pattern-matching scans across the workspace to identify performance bottlenecks and async anti-patterns.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the analysis of untrusted codebase data.
      1. Ingestion points: Reads files and metadata from the codebase root (scan_path).
      2. Boundary markers: Absent. The skill does not implement delimiters or ignore-instructions warnings for the data it processes.
      3. Capability inventory: Employs Bash, Read, Grep, Glob, and the specialized mcp__hex-graph__audit_workspace tool.
      4. Sanitization: Absent. Findings from the codebase are directly incorporated into a markdown report without escaping or validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 07:31 PM