skills/android/skills/perfetto-sql/Gen Agent Trust Hub

perfetto-sql

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the trace_processor Python wrapper script from https://get.perfetto.dev/trace_processor. This is the official and well-known distribution domain for the Perfetto project.
  • [COMMAND_EXECUTION]: The agent is instructed to execute the downloaded tool via shell commands (./trace_processor --query-string) to perform analysis on trace files.
  • [PROMPT_INJECTION]: The execution protocol contains a precedence rule instructing the agent to use user-provided SQL queries without modification. This creates a surface for indirect prompt injection where a user could provide arbitrary SQL commands. 1. Ingestion points: User-provided SQL and Android trace files. 2. Boundary markers: Absent; the protocol explicitly requires using user SQL without modification. 3. Capability inventory: Shell command execution via ./trace_processor. 4. Sanitization: None; the skill relies on the underlying tool for query safety.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 06:40 AM
Security Audit — agent-trust-hub — perfetto-sql