validating-performance-budgets

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The overall design and implementation of the skill follow security best practices. It performs specific performance validation tasks without requesting excessive permissions or accessing sensitive data.
  • [DATA_EXFILTRATION]: The report_violation.py script provides an optional feature to send reports to a Slack webhook. This utility is limited to performance data and targets official Slack endpoints, qualifying as a safe use of network capabilities for a well-known service.
  • [COMMAND_EXECUTION]: The skill is configured to use scoped shell commands for performance tools like Lighthouse and Webpack. This restriction prevents the agent from executing arbitrary or dangerous system commands.
  • [REMOTE_CODE_EXECUTION]: Analysis of the Python scripts confirms that no dynamic code execution or remote script fetching occurs. The logic relies on standard, built-in Python modules.
  • [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded secrets or instructions to access restricted credential files. It operates on performance configuration and metric files as expected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 09:21 AM
Security Audit — agent-trust-hub — validating-performance-budgets