ln-832-bundle-optimizer
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches fallback reference documents from the author's verified GitHub repository. This is a standard and safe fallback mechanism for providing auxiliary guidelines for this vendor's skills.
- [COMMAND_EXECUTION]: Utilizes Bash to run the project's build commands and the 'depcheck' utility. These actions are essential for establishing bundle size baselines and verifying the success of optimizations within the user's project.
- [PROMPT_INJECTION]: The skill analyzes project files like 'package.json' to determine build scripts and identify optimization opportunities. While this represents a surface for indirect prompt injection, it is a functional requirement for automated bundle optimization, and no malicious patterns were detected in the skill's logic.
  - Ingestion points: Project configuration (package.json) and source files analyzed during the optimization loop.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are specified for the ingested project content.
  - Capability inventory: Shell execution (Bash), file system access (Read, Grep, Glob), and several workspace analysis MCP tools.
  - Sanitization: Build commands are derived directly from the project's own configuration without additional validation.
Audit Metadata