agent-benchmark
Measures and tracks agent response quality, detecting regressions and ensuring performance baselines are maintained.
Install this skill
Security score
The agent-benchmark skill was audited on May 27, 2026 and we found 16 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 359 | const response = await fetch(`/api/users/${id}`) |
Access to hidden dotfiles in home directory
| 35 | ~/.claude/benchmarks/ |
Access to hidden dotfiles in home directory
| 163 | node ~/.claude/benchmarks/run.mjs |
Access to hidden dotfiles in home directory
| 172 | node ~/.claude/benchmarks/run.mjs --agent code-reviewer |
Access to hidden dotfiles in home directory
| 175 | node ~/.claude/benchmarks/run.mjs --agent code-reviewer --verbose |
Access to hidden dotfiles in home directory
| 182 | node ~/.claude/benchmarks/run.mjs --compare |
Access to hidden dotfiles in home directory
| 185 | node ~/.claude/benchmarks/run.mjs \ |
Access to hidden dotfiles in home directory
| 196 | node ~/.claude/benchmarks/run.mjs --baseline update |
Access to hidden dotfiles in home directory
| 322 | run: node ~/.claude/benchmarks/run.mjs --compare |
Access to hidden dotfiles in home directory
| 337 | node ~/.claude/benchmarks/run.mjs --check-regression |
Access to hidden dotfiles in home directory
| 389 | node ~/.claude/hooks/dist/canavar-cli.mjs errors |
Access to hidden dotfiles in home directory
| 398 | node ~/.claude/benchmarks/run.mjs --agent code-reviewer --save-as before |
Access to hidden dotfiles in home directory
| 401 | node ~/.claude/benchmarks/run.mjs --agent code-reviewer --compare before |
Access to hidden dotfiles in home directory
| 404 | node ~/.claude/benchmarks/run.mjs --compare --fail-on-regression |
Access to hidden dotfiles in home directory
| 407 | node ~/.claude/benchmarks/run.mjs --baseline update |
Prompting for password/secret input
| 42 | hardcoded-secret.ts # Input: API key in source |