performance-profiling
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Lighthouse CLI tool via npm. Lighthouse is an open-source, industry-standard performance auditing tool maintained by Google.
- [COMMAND_EXECUTION]: The
scripts/lighthouse_audit.pyfile usessubprocess.runto execute the Lighthouse command. It correctly passes arguments as a list rather than a single string, which prevents shell injection vulnerabilities by ensuring the OS processes the URL as a literal argument.
Audit Metadata