performance-profiling
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The scripts/lighthouse_audit.py script executes the lighthouse CLI via subprocess.run with an argument list, which prevents shell injection when processing URLs.
- EXTERNAL_DOWNLOADS (SAFE): The skill references the standard lighthouse NPM package, a trusted industry tool.
- DATA_EXPOSURE (SAFE): File handling is performed using secure temporary files that are deleted after use.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill has a data ingestion surface. 1. Ingestion points: URL argument in scripts/lighthouse_audit.py. 2. Boundary markers: None. 3. Capability inventory: subprocess.run and file system read/write. 4. Sanitization: Command arguments are passed as a list to prevent shell interpretation.
Audit Metadata