performance-testing
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install k6 from its official repository and Lighthouse CI from the NPM registry. These are well-known, established sources for performance testing tools and are used appropriately within the skill's CI/CD context.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to perform package installations and execute test runners such as k6 and the Lighthouse CI CLI. These operations are essential to the skill's functionality and are documented within standard automation workflows.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external context files to configure testing parameters.
  - Ingestion points: The skill reads configuration and requirements from .agents/qa-project-context.md during the discovery phase.
  - Boundary markers: Absent; there are no explicit delimiters or instructions provided to the agent to distinguish between trusted instructions and potentially malicious content within the context file.
  - Capability inventory: The skill allows the agent to execute shell commands (k6, lhci) and perform network requests to target environments.
  - Sanitization: Absent; data from the context file is used directly to define test scenarios and targets without automated validation or escaping.
Audit Metadata