performance-profiling
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The
scripts/lighthouse_audit.pyscript executes thelighthouseCLI using a safe argument-list approach insubprocess.run, effectively preventing shell injection vulnerabilities. - Indirect Prompt Injection (SAFE): The skill audits content from external URLs. It mitigates injection risks by parsing the tool's JSON output into a strict local schema and returning only numeric scores and a script-generated summary to the agent, rather than the raw website content.
- Ingestion points:
scripts/lighthouse_audit.py(via external URL fetching) - Boundary markers: Not applicable due to strict output filtering
- Capability inventory:
Bash(allowed-tool),subprocess.run - Sanitization: High; only score integers and a pre-defined status message are extracted and returned.
Audit Metadata