performance-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands using `npx` to perform performance analysis tasks. Key commands include `npx claude-flow bottleneck detect` for issue identification and `npx claude-flow analysis performance-report` for metrics summaries.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx`, which fetches the `claude-flow` package from the npm registry for execution. This is a standard development practice for using Node.js-based utilities.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its analysis of external task results and swarm communication logs.
  - Ingestion points: Data is processed through metrics analysis commands and MCP tool results like `mcp__claude-flow__task_results` (SKILL.md).
  - Boundary markers: No explicit delimiters or boundary markers are defined to separate ingested metrics from agent instructions.
  - Capability inventory: The skill can execute shell commands (`npx`), perform file writes (`--export`, `--output`), and apply system optimizations (`--fix`).
  - Sanitization: There is no documentation of explicit sanitization for the ingested performance metrics.
Audit Metadata