token-waste-elimination
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute an audit tool locally using the command
node .github/muscles/audit-token-waste.cjsto evaluate the size and structure of instruction files.- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data contained within repository memory files (instructions and prompts). - Ingestion points: Content is read from files in the
.github/instructions/and.github/skills/directories. - Boundary markers: None are explicitly defined in the provided audit logic.
- Capability inventory: The skill has the capability to read and modify local files via the provided Javascript script.
- Sanitization: The skill implements strict pattern matching and line-count thresholds to identify and remove redundant content.- [DYNAMIC_EXECUTION]: The skill includes an example Javascript script that uses Node.js filesystem modules (
fs) to perform directory traversal and file analysis at runtime. This behavior is confined to the local repository environment.
Audit Metadata