skills/jeremylongshore/claude-code-plugins-plus-skills/validating-performance-budgets/Gen Agent Trust Hub
validating-performance-budgets
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The overall design and implementation of the skill follow security best practices. It performs specific performance validation tasks without requesting excessive permissions or accessing sensitive data.
- [DATA_EXFILTRATION]: The report_violation.py script provides an optional feature to send reports to a Slack webhook. This utility is limited to performance data and targets official Slack endpoints, qualifying as a safe use of network capabilities for a well-known service.
- [COMMAND_EXECUTION]: The skill is configured to use scoped shell commands for performance tools like Lighthouse and Webpack. This restriction prevents the agent from executing arbitrary or dangerous system commands.
- [REMOTE_CODE_EXECUTION]: Analysis of the Python scripts confirms that no dynamic code execution or remote script fetching occurs. The logic relies on standard, built-in Python modules.
- [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded secrets or instructions to access restricted credential files. It operates on performance configuration and metric files as expected.
Audit Metadata