performance-test

[Skill Scanner] Generic secret pattern detected All findings: [HIGH] hardcoded_secrets: Generic secret pattern detected (HS005) [AITech 8.2] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] The skill fragment is coherently aligned with its stated purpose: it documents how to run standard performance tests (frontend Lighthouse, Core Web Vitals, backend k6/Artillery) and how results are reported and integrated in CI. There is no evident malicious behavior, credential harvesting, or data exfiltration. The footprint (usage of official tools, no hardcoded secrets, legitimate report paths) is proportionate to its stated purpose. LLM verification: This skill is consistent with its stated purpose (performance testing). There is no evidence of malware or deliberate credential theft in the provided code. Main concerns are: (1) hardcoded test credentials which are poor hygiene but typical in examples, (2) potential accidental exposure of performance reports via the 'temporary-public-storage' upload target, and (3) the placeholder analytics function which could be replaced to exfiltrate metrics if misconfigured. Overall risk is moderate operat