web-perf
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `npx lighthouse` to perform performance audits on target URLs. This involves executing a command-line tool that fetches and analyzes remote content based on user input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external websites via Lighthouse reports without sanitization or boundary markers.
  - Ingestion points: Data from `lighthouse-report.json` is processed and incorporated into the agent's context as described in `SKILL.md`.
  - Boundary markers: None identified; external report content is mixed with agent instructions.
  - Capability inventory: The skill uses `npx` for command execution and has instructions for modifying build configurations (Webpack, Vite, Next.js).
  - Sanitization: No validation or filtering of the external audit results is performed before processing.
- [SAFE]: The skill metadata (author: cloudflare, source: cloudflare/skills) contradicts the provided author context (oimiragieo). This is classified as deceptive metadata (Category 7), which can lead to misjudgment of the skill's provenance and safety profile.
- [SAFE]: The 'Memory Protocol' section instructs the agent to persist state (learnings, issues, and decisions) to the `.claude/context/memory/` directory. While this is a form of persistence that influences future behavior, it is a standard state-management pattern for certain agent environments.
Audit Metadata