dead-code-audit
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it is designed to read and analyze untrustworthy data from repositories, including source code, comments, and manifest files.
- Ingestion points: Manifest files (e.g., package.json, pyproject.toml, Cargo.toml, go.mod) and source code files as described in SKILL.md and references/tool-selection.md.
- Boundary markers: No explicit delimiters or instructions are provided to separate audited data from agent instructions or to ignore embedded commands within the files.
- Capability inventory: The agent is authorized to read files and execute multiple repository-native and auditing tools (e.g., npm, cargo, go, ruff, eslint, ripgrep, staticcheck, vulture, and cargo udeps).
- Sanitization: There is no evidence of sanitization or validation of the audited content before processing.
- [COMMAND_EXECUTION]: The skill instructs the agent to run project-native commands and scripts (e.g., existing lint scripts and test commands defined in package.json). This presents a risk of executing arbitrary code if the audited repository contains malicious script definitions.
Audit Metadata