skills/sebas-aikon-intelligence/antigravity-awesome-skills/performance-profiling/Gen Agent Trust Hub
performance-profiling
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The script
scripts/lighthouse_audit.pydocumentation specifies a requirement for thelighthouseCLI to be installed globally vianpm install -g lighthouse. While a trusted tool, this is an external dependency managed outside the skill's direct environment.- [COMMAND_EXECUTION] (LOW): The script usessubprocess.runto execute thelighthousecommand. It correctly passes arguments as a list to prevent shell injection. However, passing unvalidated user input (URLs) to a CLI tool that spawns a browser process represents a minor attack surface for parameter injection or browser-based exploits.- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted content from external URLs via the Lighthouse tool. The risk is minimized because the script only extracts structured JSON scores rather than processing natural language from the page, but it remains the primary data ingestion point.
Audit Metadata