check-performance
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local script 'src/check-performance.ts' using the 'bun' runtime. This script takes a URL as an argument to perform performance audits.
- [NO_CODE]: The performance auditing script 'src/check-performance.ts' is missing from the skill package, which prevents verification of its internal logic and safety.
- [PROMPT_INJECTION]: The skill's function of auditing external websites presents a surface for indirect prompt injection. 1. Ingestion points: Remote URL provided to the audit script in SKILL.md. 2. Boundary markers: No explicit delimiters or instruction-bypass warnings are mentioned in the documentation. 3. Capability inventory: Command execution using the 'bun' runtime. 4. Sanitization: Not verifiable as the source code for the script is missing.
Audit Metadata