rag-perf

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is performance benchmarking of RAG (Retrieval-Augmented Generation) servers. The instructions focus on configuring YAML-driven load tests and interpreting resulting metrics such as TTFT (Time To First Token) and throughput.
  • [COMMAND_EXECUTION]: The skill uses uv, python, and curl to manage environments, run tests, and check server status. These commands are appropriately scoped and defined within the allowed-tools section for legitimate benchmarking tasks.
  • [EXTERNAL_DOWNLOADS]: Dependencies like pytest-asyncio and aiperf are installed through standard Python package managers (uv, pip). The skill references resources from a well-known organization's public repository, which is standard practice for open-source development tools.
  • [DATA_EXPOSURE]: The tool processes benchmarking datasets in .jsonl and .csv formats and writes performance reports to a local directory. There is no evidence of unauthorized access to sensitive system files, environment variables, or user credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — rag-perf