performance-testing

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands to run load tests (k6, ab), web audits (lighthouse), and network timing measurements (curl).
  • [COMMAND_EXECUTION]: Invokes language-specific profiling tools including Node.js heap snapshots/CPU profiles, Python's cProfile, and Go's benchmark/pprof tools.
  • [EXTERNAL_DOWNLOADS]: Utilizes npx to execute well-known bundle analysis and performance tools such as webpack-bundle-analyzer, vite, and bundlephobia.
  • [PROMPT_INJECTION]: Contains an indirect prompt injection surface (Category 8) where the agent processes data from external URLs.
    • Ingestion points: Target URLs provided to lighthouse, curl, ab, and k6 commands.
    • Boundary markers: Absent; the skill does not wrap tool outputs in delimiters or provide instructions to ignore embedded content in reports.
    • Capability inventory: Executes subprocesses for various CLI tools, writes files (results.json, report), and runs local scripts (app.js, app.py, script.js).
    • Sanitization: No validation or sanitization of the remote content fetched by these tools before it is presented to the agent.
  • [COMMAND_EXECUTION]: Employs dynamic script generation (Category 10) by using shell heredocs to create and execute k6 scripts inline.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:14 AM