Skills
skills/ascend-ai-coding/awesome-ascend-skills/profiling-analysis/Gen Agent Trust Hub

profiling-analysis

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Multiple scripts use the subprocess module to manage the analysis workflow. For instance, performance_analysis_main_process.py and op_perf_analysis_combine.py execute sub-scripts using python to perform specialized analysis tasks. detect_slow_rank.py also executes the msprof-analyze command-line utility.
  • [EXTERNAL_DOWNLOADS]: The script detect_slow_rank.py contains logic in the install_msprof function to download and install the mstt tool from the official repository at https://gitee.com/ascend/mstt.git using git clone and pip install. This is an official resource from the vendor used for runtime environment setup.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its reporting mechanism. The script op_pivot_table_analyzer.py reads data from user-provided files such as op_statistic_*.csv and kernel_details.csv and interpolates fields like 'Input Shapes' directly into HTML <td> tags. A lack of sanitization allows potentially malicious data within these files to influence the content of the generated HTML report (e.g., op_analysis_combined.html).
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:27 AM
Security Audit — agent-trust-hub — profiling-analysis