clean-codebase
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a variety of standard development and maintenance CLI tools. This includes linters and formatters like eslint, prettier, black, ruff, and cargo clippy to apply automated fixes to the codebase.
- [COMMAND_EXECUTION]: The skill executes the codebase's internal test suite (e.g., npm test, pytest, cargo test) to ensure that cleanup operations have not altered business logic or introduced regressions. This involves the execution of code contained within the target directory.
- [COMMAND_EXECUTION]: Shell utilities such as find, grep, and sed are employed to identify orphaned code and perform bulk text transformations for formatting normalization, such as removing trailing whitespace.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection, as it processes untrusted content from the target codebase at the codebase_path.
  - Ingestion points: Files within the codebase root are read, edited, and analyzed by the agent.
  - Boundary markers: Absent; there are no specific markers or safety instructions directing the agent to ignore potentially malicious instructions embedded in the code or comments of the files being cleaned.
  - Capability inventory: The skill possesses Bash execution, Write, and Edit permissions, along with the ability to run test runners that execute local code.
  - Sanitization: Absent; the skill operates directly on file content without sanitizing it for potential injection patterns.
Audit Metadata