performance-profiling
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/lighthouse_audit.py` uses the `subprocess.run` function to execute the `lighthouse` command-line tool for performance auditing. The implementation follows security best practices by passing arguments as a list and not using `shell=True`, which prevents command injection via the target URL.
- [EXTERNAL_DOWNLOADS]: The script documentation notes a dependency on the well-known `lighthouse` CLI tool, which is expected for this functionality. The skill itself does not perform any remote code execution or unauthorized downloads.
- [DATA_EXFILTRATION]: Analysis shows no attempts to access sensitive files (such as credentials or environment variables) or exfiltrate data to external servers. The script only processes the target URL and the resulting audit report.
- [PROMPT_INJECTION]: The instructions in `SKILL.md` are strictly limited to performance optimization guidelines and do not contain any patterns designed to override agent behavior or bypass safety filters.
Audit Metadata