performance-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- General (SAFE): The skill serves as a collection of templates for k6 (JavaScript) and Locust (Python). It does not contain executable logic within the skill itself that poses a risk.
- Data Exposure (SAFE): Example credentials provided in the Locust script ('test@example.com', 'password') are generic placeholders and do not constitute a hardcoded credential finding.
- Remote Code Execution (SAFE): No unauthorized external downloads or piped execution patterns (e.g., curl|bash) were found. The tools mentioned (k6, Locust) are standard industry utilities.
- Indirect Prompt Injection (SAFE): While the skill defines how to interact with external URLs, it does not provide an automated ingestion path for untrusted data that could influence the agent's logic.
Audit Metadata