ai-code-cleanup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Command Execution (SAFE): The skill executes
git diffto identify modified files. This is a standard and expected operation for a code cleanup tool. - Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection as it ingests and acts upon untrusted data (source code).
- Ingestion points: Files identified via
git diffand processed during the 'Analyze Each File' phase inSKILL.md. - Boundary markers: Absent. The agent is instructed to 'Read the full file' without specific delimiters or instructions to ignore embedded malicious content.
- Capability inventory: The skill performs file reading, file modification ('surgical edits'), and shell command execution (git commands and user-defined
{{TEST_COMMANDS}}). - Sanitization: Absent. No escaping or validation of code content is performed before processing or inclusion in the refactoring plan.
- Functional Safety (SAFE): The skill specifically instructs the agent to remove 'Defensive Bloat,' including
try/catchblocks and null/undefined checks. While not malicious, this recommendation constitutes a best-practice violation that could lead to logic vulnerabilities if security-critical validation is removed.
Audit Metadata