Performance Optimization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Remote Code Execution] (SAFE): The skill references standard diagnostic tools such as 'npx vite-bundle-visualizer' and 'py-spy'. While these involve executing external code or attaching to processes, they are used appropriately within the context of performance profiling and represent standard developer workflows.
- [Data Exposure & Exfiltration] (SAFE): Commands provided for database diagnostics (e.g., pg_stat_statements) are used for query timing and optimization. No patterns for accessing sensitive files (like SSH keys or AWS credentials) or exfiltrating data to external domains were found.
- [Command Execution] (SAFE): Shell commands are restricted to local environment auditing (Lighthouse, bundle analysis, and process profiling) and do not include suspicious piped executions or obfuscated strings.
- [Prompt Injection] (SAFE): The instructions are purely technical and descriptive. There are no attempts to override system prompts, bypass safety filters, or instruct the agent to ignore previous rules.