native-app-performance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes standard macOS developer tools (xcrun, xctrace, vmmap, otool, atos) via subprocess calls. These operations are necessary for performance profiling and are implemented using best practices (list-based arguments) to prevent shell injection.
- DATA_EXPOSURE (SAFE): The scripts read process information and binary symbols to provide performance insights. This is restricted to the local environment and does not involve network exfiltration.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes .trace files and XML data generated by system tools. While this represents a data ingestion surface (Category 8), the subsequent capabilities (profiling and symbolication) do not present a high risk of being manipulated for malicious outcomes.