code-dead-code
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development utilities including
knip,vulture, andcargo macheteto analyze codebases for unused exports and dependencies. These commands are typical for the skill's stated purpose of codebase maintenance. - [DYNAMIC_CONTEXT_INJECTION]: The skill uses dynamic context injection (the
!command syntax) to locate project manifest files (e.g., package.json, Cargo.toml) and tool configurations. These operations are restricted to the local file system using thefindutility and do not process untrusted external inputs or perform network operations. - [EXTERNAL_DOWNLOADS]: The skill uses
npxto run Node.js utilities. This may result in downloading packages from the official npm registry if they are not locally available, which is standard behavior for this toolchain. - [DATA_EXFILTRATION]: No exfiltration patterns were detected. The skill reads file paths and content solely for the purpose of identifying unreachable code and unused exports within the local environment.
Audit Metadata