auto-performance
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior or intentional security bypasses were detected in the skill instructions or metadata. The skill focuses on standard performance engineering practices.
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute profiling utilities and benchmark tests. This is a standard requirement for performance engineering and is managed through the skill's optimization workflow. - [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it reads and modifies external code files using powerful tools.
- Ingestion points: Source code files read via
Read,Grep, andGlobtools. - Boundary markers: Absent; the instructions do not specify delimiters for distinguishing code data from system instructions.
- Capability inventory: Access to
Bashfor command execution andWrite/Editfor file system modification. - Sanitization: None described for input code content.
- Mitigation: The skill's non-negotiable requirement for
adversarial-verify(regression testing) provides a security control that prevents the acceptance of optimizations that change intended behavior, thereby mitigating functional impact from potential injections.
Audit Metadata