performance-reporter
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a helper script located at
python3 "${CLAUDE_PLUGIN_ROOT}/scripts/connectors/ledger.py"to record and compare performance data (KPIs like sessions, clicks, etc.). This is a local utility execution for data processing rather than arbitrary shell execution or remote code loading. - [DATA_TRANSPARENCY]: The skill explicitly instructs the agent to label all metrics as 'Measured', 'User-provided', or 'Estimated' and prohibits the fabrication of data. It includes 'Decision Gates' that force user interaction if critical reporting parameters like date ranges are missing.
- [REMOTE_ACCESS_ANALYSIS]: While the skill mentions connecting to analytics and search consoles, these are referenced as optional 'connectors' described in external documentation (CONNECTORS.md). The skill body itself does not contain hardcoded credentials or unauthorized exfiltration logic.
- [PROMPT_INJECTION_ANALYSIS]: No bypass markers, role-play instructions, or attempts to override system safety guidelines were detected in the instructions.
Audit Metadata