performance-optimisation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to run local application code for profiling (e.g.,
node --prof app.js,python -m cProfile app.py). If the skill is used on an unvetted codebase, this results in the immediate execution of untrusted code with the agent's privileges. - [COMMAND_EXECUTION] (HIGH): The skill explicitly requests the
Bashtool and provides several shell commands. This grants the agent broad capabilities that contradict the 'read-only' instruction in the Tooling Notes, potentially allowing for system modification or data exfiltration. - [REMOTE_CODE_EXECUTION] (HIGH): Indirect Prompt Injection (Category 8). The skill ingests data from untrusted sources including external websites (via Lighthouse), database query results, and profiler logs.
- Ingestion points:
processed.txt,profile.out, Lighthouse HTML reports, and database response data. - Boundary markers: None present; external data is processed directly.
- Capability inventory: Access to
Bashallows for arbitrary shell command execution. - Sanitization: No sanitization or validation of the ingested data is performed. An attacker could embed malicious instructions in website content or log files to manipulate the agent's next steps.
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes the
lighthousetool to scan external URLs. While intended for performance reporting, this establishes outbound network connections that could be used for basic data signaling.
Recommendations
- AI detected serious security threats
Audit Metadata