performance-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze external code and performance logs, which presents a surface for indirect prompt injection.\n
- Ingestion points: Uses
Read,Grep, andGlobtools to ingest workspace files for analysis.\n - Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore instructions embedded within analyzed data.\n
- Capability inventory: The agent has access to
Bash,Write, andEdittools, which could be misused if the agent is successfully injected.\n - Sanitization: No sanitization of ingested content is performed before the agent processes it.\n- [COMMAND_EXECUTION]: The skill suggests running various profiling and benchmarking commands (e.g.,
node --prof,go test -cpuprofile). These are standard development workflows and are used as intended for performance analysis.\n- [SAFE]: The provided Python utility scripts (scripts/perf_report.pyandscripts/profile.py) are safe, performing only basic string formatting and local file writes using standard Python libraries.
Audit Metadata