magento-performance-analyst

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill includes shell command snippets for the bin/magento CLI. While these are standard Magento developer tools for setting the environment mode (deploy:mode:set developer) and checking database status, they represent a capability to modify system state and interact with the database.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill's primary function is to analyze performance profiles and logs (e.g., from Blackfire or XHProf). This creates an ingestion surface for untrusted external data. If an attacker can manipulate the content of a performance profile or log file, they could theoretically attempt to influence the agent's reasoning. However, no unsafe interpolation or specific exploitation patterns are present in the skill definition.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 11:25 AM