performance-audit

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The script reads local files to perform its audit. An attacker could craft specific comments or code patterns to trigger false positive or negative reports. The risk is low because the script has no network access or file-writing capabilities.
      ◦ Ingestion points: Source files (.ts, .tsx, .js, .jsx, .html) and package.json via grep.
      ◦ Boundary markers: None.
      ◦ Capability inventory: grep, git, and printf. No side-effect capabilities detected.
      ◦ Sanitization: None.
  • [Command Execution] (LOW): The script utilizes grep and git for static analysis. While these are standard tools, the PROJECT_ROOT variable can be influenced by the environment, which could redirect the analysis to unexpected local directories.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 17, 2026, 06:51 AM