m10-performance
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Command Execution] (HIGH): The skill presents a high indirect prompt injection risk by directing the agent to run code. Evidence: (1) Ingestion: Processes user-provided Rust source and benchmark code as implied in patterns/optimization-guide.md. (2) Boundaries: No delimiters or instructions to ignore embedded content are provided. (3) Capabilities: The guide instructs the agent to use cargo bench, perf, valgrind, and heaptrack to execute or analyze code. (4) Sanitization: None provided. Running benchmarks on untrusted code results in arbitrary code execution by design.
- [External Downloads] (MEDIUM): The skill recommends installing unverified third-party tools like flamegraph and cargo-instruments using cargo install, introducing unverifiable external dependencies into the environment.
- [Prompt Injection] (LOW): The metadata description in SKILL.md uses the 'CRITICAL' marker to manipulate the agent's prioritization and tool selection logic, which is a form of instruction overriding.
Recommendations
- AI detected serious security threats