web-performance-audit
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): All provided code snippets and documentation are consistent with the declared purpose of performance auditing. No malicious patterns or security vulnerabilities were identified.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references standard packages including web-vitals, lighthouse, and chrome-launcher. These are maintained by Google, a trusted entity. According to the [TRUST-SCOPE-RULE], these references are considered low risk and do not impact the overall safety verdict.
- [Indirect Prompt Injection] (INFO): The skill functions by analyzing external websites. While the content of these websites is untrusted, the skill only extracts technical performance metrics and metadata, presenting a negligible risk of indirect prompt injection unless a downstream component processes the output unsafely.
Audit Metadata