Skills
skills/melodic-software/claude-code-plugins/performance-optimization/Gen Agent Trust Hub

performance-optimization

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • SAFE (SAFE): The skill is entirely instructional and contains no malicious logic, persistence mechanisms, or obfuscation. It focuses on legitimate system maintenance tasks like storage cleanup and context management.
  • EXTERNAL_DOWNLOADS (LOW): The skill recommends updating the tool via 'npm install -g @anthropic-ai/claude-code'. Per [TRUST-SCOPE-RULE], as '@anthropic-ai' is a trusted scope, this download is categorized as LOW risk.
  • PROMPT_INJECTION (LOW): The documentation creates an indirect prompt injection surface by suggesting that the agent research external GitHub issues. Evidence Chain: 1. Ingestion points: GitHub issue URLs mentioned in references/known-issues.md. 2. Boundary markers: Absent. 3. Capability inventory: Read, Bash, Glob, Grep tools are allowed for this skill. 4. Sanitization: No sanitization or validation of the fetched issue content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:10 PM