Skills
skills/brianlovin/agent-config/knip/Gen Agent Trust Hub

knip

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes npx knip and npm install commands to analyze codebase structure and manage project dependencies.
  • [EXTERNAL_DOWNLOADS]: Fetches the knip package from the official npm registry. This is documented as a standard operation for a well-known development utility.
  • [COMMAND_EXECUTION]: Permits the deletion of local files identified as unused when using the --allow-remove-files flag. The skill includes instructions to ask the user for clarification before deleting high-risk files to prevent accidental data loss.
  • [PROMPT_INJECTION]: Provides a surface for indirect prompt injection because the skill analyzes the content of all files in the project codebase.
  • Ingestion points: Processes all source code and configuration files in the local repository via the knip tool.
  • Boundary markers: None identified; the skill processes the codebase as a whole.
  • Capability inventory: Includes command execution (npx) and file system modification (deleting files via --fix).
  • Sanitization: None; the agent processes the structured results (unused items) provided by the external tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 02:07 AM