golang-benchmark

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The documentation in references/ci-regression.md includes a script that uses sudo tee to modify kernel parameters and CPU settings (such as scaling_governor, no_turbo, and smt/control). While these commands are intended to stabilize benchmark results by eliminating non-determinism on dedicated CI runners, they represent a privilege escalation vector that can significantly impact the host system's power management, performance, and stability if executed on a non-dedicated machine.
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation of multiple Go utilities from external, non-official repositories using go install. These include benchdiff (from filippo.io), cob (from github.com/knqyf263), gobenchdata (from go.bobheadxi.dev), and fgprof (from github.com/felixge). These sources are not part of the trusted organization list and should be reviewed for integrity before installation.
  • [DATA_EXFILTRATION]: The skill instructions and reference files (e.g., references/trace.md and references/pprof.md) frequently use curl to fetch profile and trace data from endpoints like http://localhost:6060/debug/pprof/trace. While this is standard practice for Go profiling, it establishes a pattern of network-based data retrieval that could be redirected to exfiltrate sensitive profile data if malicious URLs are introduced.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 08:30 AM