dead-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external codebase files which could contain malicious instructions designed to influence agent behavior.
- Ingestion points: Codebase files located in directories passed to the 'tldr' tool for analysis.
- Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded content within analyzed files.
- Capability inventory: The skill utilizes the Bash tool to execute several analysis-related subcommands (dead, impact, arch, structure).
- Sanitization: Absent; there is no evidence of input validation or content sanitization prior to the data being processed and returned to the agent context.
Audit Metadata