dead-code-eliminator
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows a strict multi-phase execution flow with a mandatory Approval Gate before making any changes to the user's files.
- [COMMAND_EXECUTION]: The skill performs local project analysis and may run standard testing/linting commands like npm test only after explicit user consent in Phase 6. No unauthorized or hidden commands were found.
- [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by reading local codebase files as untrusted data.
  1. Ingestion points: Local source code files, package.json, pyproject.toml, and other configuration files are read during Phase 1 and Phase 2.
  2. Boundary markers: Absent. The skill does not explicitly use delimiters to distinguish between analyzed code and potentially malicious instructions embedded in comments.
  3. Capability inventory: File reading for analysis, file writing for code removal (user-gated), and subprocess execution for running project tests.
  4. Sanitization: Absent. Data is processed directly for reachability tracing.
- [DATA_EXFILTRATION]: No network-enabled commands or exfiltration patterns were detected. All analysis remains local to the user's environment.
Audit Metadata