lighthouse

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Automated execution of repository-local scripts and development tools.
      • The skill runs scripts/psi-measure.mjs to interface with the PageSpeed Insights API.
      • Uses node -e to programmatically extract performance metrics from audit JSON files.
      • Executes quality gate commands including npm run typecheck, npm test, and npm run lint:all before deployment.
      • Performs repository management via git commit and git push to finalize optimizations.
  • [EXTERNAL_DOWNLOADS]: Retrieval of performance data from a well-known service.
      • Connects to Google's PageSpeed Insights API (https://pagespeed.web.dev/) to fetch audit reports.
  • [PROMPT_INJECTION]: Evaluation of the attack surface for indirect prompt injection from audit data.
      • Ingestion points: Reads analysis data from JSON report files stored in the reports/ directory.
      • Boundary markers: Does not implement specific instruction delimiters or guardrails for external data interpolation in its prompts.
      • Capability inventory: Maintains Edit, Write, and Bash capabilities for modifying source code and executing shell commands.
      • Sanitization: Relies on the structured and trusted nature of data provided by the PageSpeed Insights service.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:20 AM