testing-perf
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection due to its requirement to ingest and analyze external data like test results and web content.
- Ingestion points: Reads test output files (e.g., results.json) and fetches web content via the WebFetch tool.
- Boundary markers: Not explicitly defined in the provided rules.
- Capability inventory: Includes file system access (Read, Glob, Grep) and network operations (WebFetch, WebSearch).
- Sanitization: No specific content validation or sanitization mechanisms are described for processed data.
- [CREDENTIALS_UNSAFE]: Documentation and templates include placeholder credentials for authentication examples.
- Evidence: Files such as
references/k6-patterns.md,rules/perf-locust.md, andscripts/test-case-template.mdcontain example emails, passwords, and test card numbers. These are clearly marked for illustrative purposes and do not represent actual sensitive data leaks. - [COMMAND_EXECUTION]: The skill provides numerous examples for executing performance testing tools via the command line (e.g., k6 run, locust, pytest). These commands are standard for the domain of performance and load testing.
Audit Metadata