optimize-images

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/optimize-images.ts performs dynamic loading of a local module (resolve-root.ts) from computed paths. It attempts to locate the file by parsing ~/.claude/plugins/installed_plugins.json and checking the GEMSKILLS_ROOT environment variable.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local file system.
      • Ingestion points: Reads image files from the ./public/images directory as identified in scripts/optimize-images.ts.
      • Boundary markers: No delimiters or instructions to ignore embedded content are used when processing image data.
      • Capability inventory: The script has the capability to overwrite files on the disk using Bun.write and execute system commands for benchmarking.
      • Sanitization: No sanitization or validation of the input image content is performed before processing with the sharp library.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the sharp image processing library from standard package registries (NPM/Bun).
  • [COMMAND_EXECUTION]: The SKILL.md file provides several shell command pipelines using find, du, ls, awk, and sort to audit image files and their sizes.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 25, 2026, 08:09 PM