hz-perfetto-debug

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @meta-quest/hzdb global package from npm. This is a vendor-owned resource for the Meta Quest ecosystem and is considered a legitimate dependency for the skill's purpose.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the hzdb CLI tool via Bash commands to capture performance traces from VR devices, load them into a local environment, and execute SQL queries against the trace data. These operations are restricted to the functionality provided by the vendor tool.
  • [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection as it processes external .pftrace files that may contain untrusted data.
      • Ingestion points: External trace files are loaded and parsed via hzdb perf load.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat trace data as untrusted.
      • Capability inventory: The skill has the capability to execute Bash commands through the hzdb tool.
      • Sanitization: There is no evidence of sanitization for the performance data or SQL query results before they are interpreted by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 06:37 AM