performance-doctor

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes shell commands (grep, sed, sort, uniq) intended to be run against local application logs (./logs/console.log) to identify slow SQL queries and recurring errors.
  • [EXTERNAL_DOWNLOADS]: References the use of Arthas (arthas-boot.jar), which is a well-known, industry-standard JVM diagnostic tool developed by Alibaba for performance troubleshooting. No untrusted or malicious download sources are specified.
  • [DATA_EXFILTRATION]: Instructs the agent to read application logs. While logs can contain sensitive data, this access is limited to local files and is necessary for the skill's stated purpose of performance diagnosis.
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes logs which could potentially contain attacker-controlled data. However, the risk is minimal as the suggested commands are specific to performance metrics (timestamps, SQL execution times) rather than arbitrary content processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 10:11 AM