magento-performance
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run various bin/magento CLI commands and static content deployment scripts using the Bash tool.
- [DATA_EXFILTRATION]: The skill requires reading and editing the app/etc/env.php file to configure caching and session storage. This file is highly sensitive as it contains database credentials, session configurations, and system encryption keys.
- [PROMPT_INJECTION]: The skill utilizes WebSearch and WebFetch tools to retrieve performance documentation from Adobe domains. This creates an indirect prompt injection surface where instructions from external websites could influence agent actions.
- Ingestion points: WebSearch and WebFetch tools are used to ingest documentation from experienceleague.adobe.com and developer.adobe.com.
- Boundary markers: Absent. No instructions are provided to the agent to ignore potentially malicious instructions within the fetched content.
- Capability inventory: The skill utilizes Bash, Write, Edit, and Read tools, which could be leveraged if an injection occurs.
- Sanitization: Absent. The skill lacks mechanisms to validate or filter retrieved content before it is used to guide configuration or command execution.
Audit Metadata