performance-profiling
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/lighthouse_audit.pyexecutes thelighthouseCLI command usingsubprocess.run. The implementation correctly uses a list of arguments (parameterization) rather than a shell string, which effectively mitigates shell command injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill instructions suggest installing the
lighthousetool via NPM. This is a well-known, industry-standard tool provided by Google for performance and accessibility auditing.
Audit Metadata