workspace-performance-audit
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as
ls,cat, andgrepto discover monorepo structures and read configuration files likepackage.jsonacross different application directories. - [EXTERNAL_DOWNLOADS]: Fetches and executes widely-used auditing tools, including
lighthouse,@next/bundle-analyzer, anddepcheck, from the public npm registry usingnpx. - [COMMAND_EXECUTION]: Performs deep database diagnostics by executing administrative MongoDB commands, including
db.serverStatus(),db.setProfilingLevel(), anddb.collection.getIndexes(), to identify slow queries and index efficiency. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted workspace files and command outputs.
- Ingestion points: Ingests data from
package.json, folder names, and database performance logs. - Boundary markers: Absent. There are no explicit delimiters or instructions to ignore instructions embedded within the workspace files being analyzed.
- Capability inventory: The agent has capabilities to execute shell commands, perform database operations, and write local report files.
- Sanitization: No sanitization or validation of the workspace data is performed before it is processed by the agent.
Audit Metadata