performance-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill retrieves and processes external data from API responses, creating a surface for indirect prompt injection.
- Ingestion points: API response bodies (e.g.,
r.body) inscripts/k6-script.jsandreferences/k6-patterns.md. - Boundary markers: Absent; the skill does not use delimiters to isolate external content.
- Capability inventory: Performs network requests and validates response content which may influence downstream agent behavior.
- Sanitization: Absent; response content is not validated or sanitized.
- [CREDENTIALS_UNSAFE] (SAFE): Generic hardcoded strings used for authentication (e.g., 'password', 'testpassword') are identified as placeholders for template usage.
- [DATA_EXPOSURE] (SAFE): Network activity is restricted to performance testing operations against defined endpoints.
Audit Metadata