performance-guardrails
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides numerous commands (e.g., `bun run bench:basic`) that rely on the local environment's `package.json`. If an attacker provides a malicious `package.json` in the working directory, the agent will execute arbitrary code when attempting to run benchmarks.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted external data via the `--manifest`, `--baseline`, and `--reference` flags. Because the skill also possesses command execution (`bun run`) and file-write (`--out`) capabilities, maliciously crafted data in these ingested files could be used to manipulate the agent into performing unauthorized actions.
- [DATA_EXFILTRATION] (LOW): While no direct network exfiltration is hardcoded, the ability to read arbitrary manifest and baseline files combined with command execution provides a mechanism for local data exposure.
Recommendations
- AI detected serious security threats
Audit Metadata