ln-832-bundle-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell-based build commands (e.g., npm run build) to measure initial bundle size and verify code optimizations during the keep/discard loop.
- [EXTERNAL_DOWNLOADS]: Utilizes npx to run well-known JavaScript analysis tools such as depcheck, vite-bundle-visualizer, and webpack-bundle-analyzer from the npm registry.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it operates on potentially untrusted external project files.
  - Ingestion points: Reads package.json for script detection and project source files for import analysis.
  - Boundary markers: Absent; the skill does not define specific markers to distinguish between its own logic and data found in the project files.
  - Capability inventory: High; the skill has the ability to execute shell commands (build scripts) and write to the filesystem (modifying source code and dependencies).
  - Sanitization: Absent; the skill lacks validation mechanisms for the contents of the project files before execution or modification.
Audit Metadata