ln-810-performance-optimizer
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a custom Node.js script (references/scripts/optimization-runtime/cli.mjs) to coordinate optimization phases and manage run-scoped state in the .hex-skills/ directory.
- [COMMAND_EXECUTION]: The skill includes a detailed guide (references/ci_tool_detection.md) for discovering and executing common development tools like npm, pytest, and ruff to analyze performance metrics.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing user-supplied target and observed_metric inputs to drive its workflow. 1. Ingestion points: target and observed_metric inputs in SKILL.md. 2. Boundary markers: absent. 3. Capability inventory: execution of code and code modifications via sub-skill invocation (e.g., ln-814-optimization-executor). 4. Sanitization: none specified for these inputs.
- [SAFE]: No malicious code, credential exfiltration, or persistence mechanisms were detected.
Audit Metadata