web-performance

Warn

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the agent to execute npx debug-agent@latest, which downloads a package from the public npm registry at runtime. The package is unversioned and its source is not verified as a well-known or trusted provider.\n- [REMOTE_CODE_EXECUTION]: By using npx to run debug-agent, the skill executes code from a remote registry on the host machine. The background execution via the --daemon flag may further obscure the tool's runtime behavior.\n- [COMMAND_EXECUTION]: The skill instructs the agent to run several shell commands, including npx for server initialization and curl for interacting with the logging endpoint, providing a surface for command execution risks.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It analyzes performance logs containing data like sourceURL, sourceFunctionName, and invoker, which are derived from potentially untrusted browser environments. A malicious site could generate performance entries designed to mislead the agent or inject instructions when the logs are interpreted for code fixes.\n
  • Ingestion points: Reads NDJSON traces from /tmp/debug-agent/debug-<sessionId>.log (or OS equivalent).\n
  • Boundary markers: None identified in the log parsing instructions to separate data from potential instructions.\n
  • Capability inventory: The agent is authorized to perform file edits ('Fix'), shell command execution (cleanup, server management), and network requests (curl).\n
  • Sanitization: No evidence of sanitizing or escaping content from the performance logs before analysis.\n- [DATA_EXFILTRATION]: The skill implements a telemetry system that POSTs browser performance data to a local server. While it explicitly forbids the collection of PII, tokens, or cookies, the instrumentation and data transmission mechanism could be monitored if the endpoint were redirected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 01:34 AM
Security Audit — agent-trust-hub — web-performance