flamegraphs
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- Privilege Escalation (HIGH): The skill documentation in references/tools.md includes commands that use sudo dtrace. Running profiling tools as root is a privilege-escalation risk: if an attacker can influence the command arguments, or if the profiler itself has a vulnerability, the resulting code runs with root privileges.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill instructs the user to git clone https://github.com/brendangregg/FlameGraph and then execute Perl scripts from that checkout (flamegraph.pl, stackcollapse-perf.pl). The repository is not on the predefined list of trusted sources, so this is execution of unverified remote code.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill recommends installing packages from public registries with npm install -g speedscope, cargo install flamegraph and cargo install inferno. These download and install code from third-party contributors and are exposed to supply-chain attacks.
- Indirect Prompt Injection (LOW): The skill processes untrusted profiler data (e.g. perf script output, Valgrind logs). An attacker who supplies a malicious binary to be profiled controls the function names and metadata in that output and could embed instructions there to steer the agent's interpretation, or craft input that exploits weaknesses in the parsing scripts.
- Ingestion points: Reads out.perf, cg.out, prof.txt and other profiler logs.
- Boundary markers: None identified; data is piped directly into the scripts.
- Capability inventory: Executes shell commands, writes SVG files, and runs Perl/Node/Rust scripts.
- Sanitization: None; the skill relies on the external Perl scripts to parse the data correctly.
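The last two findings (no boundary markers, no sanitization) are the ones a practitioner can act on directly. The following is an added example, not code from the audited skill or from the FlameGraph project: a validator that sits between the stackcollapse step and flamegraph.pl and checks the folded-stack text before it is passed on. It assumes the folded format flamegraph.pl reads (one sample per line, semicolon-separated frames, then a sample count) and requires plain ASCII integer counts, which is stricter than flamegraph.pl itself. The length and depth limits, the allowed character set and the placeholder name are choices made for this example. It is structural validation only: it catches malformed lines, control characters, quotes and shell metacharacters in symbol names, but it cannot recognise natural-language instructions written in ordinary ASCII, so the output still has to be treated as data rather than as something for the agent to obey.

```python
"""Validate stackcollapse-style folded stacks before they reach flamegraph.pl.

Added example, not code from the audited skill or the FlameGraph project.
Assumed input format (the one flamegraph.pl reads): one sample per line,
';'-separated frames, then whitespace and a sample count.  Counts must be
plain ASCII integers here, which is stricter than flamegraph.pl itself.
"""
import string
import sys
from dataclasses import dataclass, field

# Symbol names from perf/dtrace are attacker-influenced when the profiled
# binary is untrusted.  Allow printable ASCII, including characters that
# demangled C++/Rust names legitimately use ("<", ">", ",", "(", ")", "{",
# "}", "#", "$", space), but reject quotes, backslash, pipe and ';' (the
# frame separator, which can never be part of a frame).
_FORBIDDEN = set('"\'`\\|;')
_ALLOWED = (set(string.printable) - set('\t\n\r\x0b\x0c')) - _FORBIDDEN

MAX_FRAME_LEN = 512      # limit chosen for this example
MAX_DEPTH = 256          # limit chosen for this example
REJECTED = "[rejected]"  # placeholder so sample totals stay intact


@dataclass
class Report:
    accepted_lines: int = 0
    dropped_lines: int = 0
    rejected_frames: int = 0
    reasons: dict = field(default_factory=dict)

    def note(self, reason: str) -> None:
        self.reasons[reason] = self.reasons.get(reason, 0) + 1


def check_frame(frame: str):
    """Return None if the frame is acceptable, otherwise the rejection reason."""
    if not frame:
        return "empty frame"
    if len(frame) > MAX_FRAME_LEN:
        return "frame too long"
    if any(c not in _ALLOWED for c in frame):
        return "disallowed character"
    return None


def sanitize_folded(text: str):
    """Return (clean_text, report).

    Lines with a malformed count or excessive depth are dropped; frames that
    fail check_frame() are replaced by REJECTED so the sample count still
    contributes to the graph instead of silently vanishing.
    """
    rep = Report()
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.rsplit(None, 1)
        if len(parts) != 2 or not (parts[1].isascii() and parts[1].isdigit()):
            rep.dropped_lines += 1
            rep.note("missing or non-integer count")
            continue
        stack, count = parts
        frames = stack.split(";")
        if len(frames) > MAX_DEPTH:
            rep.dropped_lines += 1
            rep.note("stack too deep")
            continue
        clean = []
        for frame in frames:
            reason = check_frame(frame)
            if reason is None:
                clean.append(frame)
            else:
                rep.rejected_frames += 1
                rep.note(reason)
                clean.append(REJECTED)
        out.append(";".join(clean) + " " + count)
        rep.accepted_lines += 1
    return "\n".join(out) + ("\n" if out else ""), rep


# Constructed sample: two ordinary stacks, one frame carrying shell
# metacharacters, one fractional count and one line with no count at all.
SAMPLE = (
    "main;run;compute_hash 42\n"
    "main;run;std::vector<int, std::allocator<int> >::push_back 7\n"
    "main;[unknown];evil\"frame`$(id)` 3\n"
    "main;run 1.5\n"
    "main;run;ok\n"
)


if __name__ == "__main__":
    # Usage: python validate_folded.py out.folded > clean.folded
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    clean, rep = sanitize_folded(data)
    sys.stdout.write(clean)
    print(f"# accepted={rep.accepted_lines} dropped={rep.dropped_lines} "
          f"rejected_frames={rep.rejected_frames} reasons={rep.reasons}",
          file=sys.stderr)
```

The report printed on stderr is the boundary the audit says is missing: an operator (or the agent's orchestration) can refuse to run flamegraph.pl, or to show the SVG to the agent, when rejected_frames or dropped_lines is non-zero, instead of discovering the problem after the untrusted names have been embedded in the output.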
Recommendations
- AI detected serious security threats