ln-811-performance-profiler
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill discovers and executes shell commands (`test_command` and `e2e_test_command`) by searching through the project's codebase using `grep`, which can lead to the execution of arbitrary commands if the repository contains malicious test definitions.
- [REMOTE_CODE_EXECUTION]: It dynamically generates and executes local shell scripts (e.g., `profile_test.sh`) to facilitate benchmarking for API endpoints and pipelines when existing tests are not available.
- [COMMAND_EXECUTION]: The profiler invokes various external system tools and language profilers, including `py-spy`, `cProfile`, `clinic`, `pprof`, `dotnet-trace`, and `nvidia-smi`, to measure system-level metrics.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted code from the repository, traces call chains, and modifies source files for instrumentation without explicit sanitization of the input code contents.
  - Ingestion points: Reads function bodies and test files from the local filesystem during 'Phase 2: Static Analysis' and 'Phase 3: Deep Profile'.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are used when interpolating code content into the analysis context.
  - Capability inventory: High; includes shell command execution via subprocesses and the ability to modify project source files for instrumentation.
  - Sanitization: Lacks explicit sanitization or validation of the code snippets being analyzed or the commands being generated from discovered routes/functions.
Audit Metadata