auto-performance

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious behavior or intentional security bypasses were detected in the skill instructions or metadata. The skill focuses on standard performance engineering practices.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute profiling utilities and benchmark tests. This is a standard requirement for performance engineering and is managed through the skill's optimization workflow.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it reads and modifies external code files using powerful tools.
  • Ingestion points: Source code files read via Read, Grep, and Glob tools.
  • Boundary markers: Absent; the instructions do not specify delimiters for distinguishing code data from system instructions.
  • Capability inventory: Access to Bash for command execution and Write/Edit for file system modification.
  • Sanitization: None described for input code content.
  • Mitigation: The skill's non-negotiable requirement for adversarial-verify (regression testing) provides a security control that prevents the acceptance of optimizations that change intended behavior, thereby mitigating functional impact from potential injections.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — auto-performance