django-perf-review
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or behaviors were identified in the skill. The instructions are focused entirely on legitimate performance optimization and code review tasks.
- [PROMPT_INJECTION]: The skill operates on untrusted codebases and utilizes command execution tools (Bash, Task), which constitutes an indirect prompt injection surface. This is a standard risk for auditing tools and is mitigated by the skill's instructions to strictly validate structural code patterns rather than trust prose content.
  - Ingestion points: Reads and analyzes the user's Django codebase via Read, Grep, and Glob tools (SKILL.md).
  - Boundary markers: No explicit boundary markers or delimiters for untrusted code are defined.
  - Capability inventory: The skill uses Bash and Task tools to perform searches and potentially verify system state (SKILL.md).
  - Sanitization: No specific sanitization or escaping of ingested code content is described.