profiling-performance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes shell commands (`npm run`, `npx lighthouse`) to perform its tasks. There is a potential risk of command injection if the `TARGET_URL` variable is populated with unsanitized user input containing shell metacharacters.
- [EXTERNAL_DOWNLOADS] (LOW): Uses `npx` to dynamically download and execute packages from the npm registry (e.g., `lighthouse`, `vite-bundle-visualizer`). While these are reputable tools, dynamic package execution carries an inherent risk if not pinned to specific versions.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests and processes content from external URLs to generate performance reports.
  - Ingestion points: Web content and metadata from the `TARGET_URL` processed by Lighthouse.
  - Boundary markers: Absent; the skill does not use specific delimiters to separate untrusted web data from its instructions.
  - Capability inventory: Subprocess execution via CLI, file system writes for report generation, and network access for auditing.
  - Sanitization: Absent; no explicit sanitization of the audited content is performed before generating the recommendation report.
Audit Metadata