profiling-analysis-hostbound
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted performance data from external sources, which constitutes an indirect prompt injection surface. If the profiling databases or trace files contain malicious instructions, they could influence the agent's behavior when it reviews the analysis results.
- Ingestion points: Reads profiling data from MindStudio Insight
analysis.dbfiles and system performance traces (ftrace) viascripts/slow_cards_analyzer.pyandscripts/trace_analyzer.py. - Boundary markers: The skill does not implement delimiters or specific instructions to the agent to disregard instructions potentially embedded within the performance data.
- Capability inventory: The skill possesses the capability to write Excel reports (
.xlsx) to the local file system and generate visualizations. - Sanitization: The scripts utilize structured extraction (SQLite queries and Regular Expressions) to parse data, which provides format-level validation but does not filter for Natural Language instructions within the data fields.
Audit Metadata