dead-code-removal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Detected an indirect prompt injection surface (Category 8). 1. Ingestion points: The skill reads local source code files for analysis (e.g., src/utils.py). 2. Boundary markers: Absent; there are no delimiters or instructions to ignore potential instructions embedded in code comments. 3. Capability inventory: The skill modifies project files and executes local validation commands (pytest, eslint, javac, mvn). 4. Sanitization: Uses AST parsing for Python analysis in the provided scripts/find-unused-imports.py, which is safe from execution but does not filter natural language instructions.
- [COMMAND_EXECUTION] (LOW): The skill utilizes command-line tools for syntax verification and testing. While these are used for validation of code removal, they represent a significant capability surface.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials or unauthorized network operations were identified.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote scripts are downloaded or executed; analysis is performed using local scripts and standard libraries.
Audit Metadata