performance-profiling

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The scripts/lighthouse_audit.py script executes the lighthouse CLI tool using subprocess.run with a list of arguments. This approach is secure as it avoids invoking a shell, thereby preventing shell injection vulnerabilities from user-provided URLs.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill references the lighthouse package, which is a widely-used and trusted tool maintained by Google. The dependency is documented for manual installation and no suspicious or unverifiable packages are included.
  • [DATA_EXFILTRATION] (SAFE): The skill performs network requests to target URLs for profiling purposes. There is no evidence of unauthorized data collection or access to sensitive local files.
  • [Indirect Prompt Injection] (SAFE): The script processes external audit data by parsing structured JSON and extracting numerical scores.
      • Ingestion points: Target URLs provided to lighthouse_audit.py.
      • Boundary markers: Structured JSON parsing.
      • Capability inventory: subprocess.run for Lighthouse CLI; File Read/Write for temporary JSON report.
      • Sanitization: The script extracts specific keys from JSON and converts them to integers, preventing malicious payload passthrough.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:19 PM