s-clean
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external data (WoW addon source code and documentation) to identify dead code and stale references.
- Ingestion Points: External addon files are analyzed via MCP tools
addon.deadcodeanddocs.stale. - Boundary Markers: Absent. The instructions do not specify delimiters for separating the source code from the agent's instructions.
- Capability Inventory: The skill uses MCP tools for analysis but does not explicitly define file-write or network capabilities; however, it influences the agent's decision-making regarding code deletion.
- Sanitization: Absent. There is no mention of sanitizing or escaping the content read from the addon files before the agent processes it.
- Unverifiable Dependencies (INFO): The skill references external MCP tools (
addon.deadcode,docs.stale) and related commands (c-clean,c-review) which are assumed to be part of the environment. No unauthorized remote downloads were detected.
Audit Metadata