ln-626-dead-code-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute static analysis utilities and linters, such as ESLint and Flake8, to identify unreachable and unused code. This is the primary mechanism for its auditing function.
- [EXTERNAL_DOWNLOADS]: The diagram.html file references the Mermaid.js library from the JSDelivr CDN (cdn.jsdelivr.net) to render workflow diagrams. JSDelivr is a well-known and reputable content delivery service.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it reads and processes source code from external codebases.
  - Ingestion points: The skill reads files from the codebase root provided in the contextStore using the Read, Grep, and Glob tools.
  - Boundary markers: No specific delimiters or instructions are provided to distinguish untrusted file content from agent instructions.
  - Capability inventory: The agent has access to the Bash tool and to the file system via Read, Grep, and Glob to perform its analysis and generate reports.
  - Sanitization: The instructions do not specify any sanitization or validation of the ingested code content before it is analyzed or included in the audit report.
Audit Metadata