xprof-profiling-analysis

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow that ingests technical data from external XProf profiling instances. This represents an indirect prompt injection surface where malicious content embedded within profiling metadata (e.g., operation names or execution logs) could attempt to manipulate the agent's summary or decision-making process.
  • Ingestion points: Data is ingested through tools like xprof_list_runs, xprof_overview, xprof_framework_ops, and xprof_memory (SKILL.md).
  • Boundary markers: There are no specific delimiters or instructions defined to separate external profiling data from the agent's primary instructions or to ignore embedded instructions within that data.
  • Capability inventory: The skill utilizes MCP tools to query external network services and provides instructions for local command-line operations.
  • Sanitization: No sanitization or validation logic is specified for the data retrieved from the XProf service before it is presented to the agent.
  • [COMMAND_EXECUTION]: The skill instructions prompt the user to execute shell commands to configure the platform and perform offline analysis.
  • Evidence: The skill provides commands for local configuration (claude settings set enabledPlugins.xprof-profiling-analysis@primatrix-skills true), network tunneling (kubectl port-forward), and usage of a local CLI utility (xprof.py in Appendix G).
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 08:40 AM