performance-profiling

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/lighthouse_audit.py executes the lighthouse CLI command using subprocess.run. The implementation correctly uses a list of arguments (parameterization) rather than a shell string, which effectively mitigates shell command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill instructions suggest installing the lighthouse tool via NPM. This is a well-known, industry-standard tool provided by Google for performance and accessibility auditing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 06:25 PM
Security Audit — agent-trust-hub — performance-profiling