validating-performance-budgets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process external data sources such as performance metrics, bundle size reports, and API response times. These inputs can be controlled by an attacker or a compromised environment.
- Ingestion points: Performance metrics and reports (e.g., Lighthouse JSON, bundle size manifests) read from the file system or tool outputs.
- Boundary markers: Absent. There are no specified delimiters or instructions for the agent to ignore embedded instructions within the performance data.
- Capability inventory: Access to
Bash,Write,Edit, andReadtools provides a high-privilege execution environment. - Sanitization: Absent. No validation or escaping of external content is defined, allowing potential instructions in the data to be treated as agent commands.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly requests
Bashaccess to 'execute the performance budget validation command'. While consistent with the stated purpose, the combination of command execution with untrusted data ingestion elevates the overall risk profile.
Recommendations
- AI detected serious security threats
Audit Metadata