perfetto-sql
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the trace_processor Python wrapper script from https://get.perfetto.dev/trace_processor. This is the official and well-known distribution domain for the Perfetto project.
- [COMMAND_EXECUTION]: The agent is instructed to execute the downloaded tool via shell commands (./trace_processor --query-string) to perform analysis on trace files.
- [PROMPT_INJECTION]: The execution protocol contains a precedence rule instructing the agent to use user-provided SQL queries without modification. This creates a surface for indirect prompt injection where a user could provide arbitrary SQL commands. 1. Ingestion points: User-provided SQL and Android trace files. 2. Boundary markers: Absent; the protocol explicitly requires using user SQL without modification. 3. Capability inventory: Shell command execution via ./trace_processor. 4. Sanitization: None; the skill relies on the underlying tool for query safety.
Audit Metadata