heaptrack
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references cloning the heaptrack repository from https://github.com/KDE/heaptrack.git. While KDE is a reputable open-source project, it is not on the provided 'Trusted Organizations' list.
- COMMAND_EXECUTION (LOW): The installation guide includes commands using sudo for system package managers (apt-get, dnf, pacman), which is standard for installing profiling tools but requires elevated privileges.
- PROMPT_INJECTION (LOW): Surface for indirect prompt injection via profiler output. 1. Ingestion points: CLI output from heaptrack_print (referenced in SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Execution of cmake, make, and heaptrack via subprocess (in SKILL.md). 4. Sanitization: Absent.
Audit Metadata