perf-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions to bypass safety filters or override agent behavior were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill analyzes project files like package.json and source code, but it does not include any tools or commands to transmit this data externally.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted source code and configurations, which creates a potential surface for indirect injection. However, the risk is negligible as no dangerous capabilities are present.
  • Ingestion points: Reads package.json, lock files, and component source code (.tsx, .vue).
  • Boundary markers: None provided.
  • Capability inventory: Purely text-based analysis and reporting; no shell or network access.
  • Sanitization: None mentioned.
- [Remote Code Execution] (SAFE): No patterns for downloading or executing remote code or packages.
- [Persistence Mechanisms] (SAFE): No attempts to modify system configurations or create persistent tasks.
Audit Metadata