dead-code-detector
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection, as it processes untrusted external source code and encourages the agent to perform file deletions and modifications based on that input.
  * Ingestion points: The agent is instructed to scan user source code directories (e.g., 'src/').
  * Capability inventory: The 'Removal Strategy' explicitly instructs the agent to 'Remove obvious unused code first' and 'Document' removals in git commits, granting the agent file-write and system-level influence.
  * Boundary markers: No delimiters or warnings are provided to prevent the agent from obeying instructions embedded in code comments or strings.
  * Sanitization: No validation or filtering of the code content is mentioned.
- NO_CODE (INFO): The skill consists entirely of markdown instructions and does not include any executable scripts or configuration files.
Recommendations
- AI detected serious security threats
Audit Metadata