agent-v3-performance-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `post_execution` hook in `SKILL.md` interpolates the `$TASK` variable directly into a shell command: `npx agentic-flow@alpha memory store-pattern ... --task "Performance: $TASK"`. If the task description contains shell metacharacters (e.g., backticks, semicolons, or pipe symbols), it could lead to arbitrary command execution in the agent's environment.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx` to download and execute the `agentic-flow@alpha` package during the `post_execution` phase. This package is a vendor-provided resource associated with the author.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes the `$TASK` variable, which may originate from untrusted user input, directly within a shell execution context without sanitization or boundary markers.
  - Ingestion points: The `$TASK` environment variable in the `post_execution` hook.
  - Boundary markers: None present; the variable is wrapped in double quotes which can be escaped.
  - Capability inventory: Execution of shell commands via `npx` and `echo`.
  - Sanitization: No validation or escaping is applied to the `$TASK` variable before interpolation.
Audit Metadata