dead-code-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run commands such as git status, git diff, and git log. These operations are used to manage Git state and analyze code history; they are powerful actions that could be abused if not gated by user confirmation (which the skill generally includes).
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it reads and analyzes external data (Swift source code). Attacker-controlled code or comments could attempt to influence the agent's assessment logic or the output of the 'Issue Rating Table'.
- [COMMAND_EXECUTION]: Data extracted from source files (specifically symbol names) is interpolated into shell strings, e.g., git log -p -S "symbolName". While Swift identifier syntax limits the permitted characters, the lack of explicit sanitization for shell metacharacters represents a vulnerability surface.
- [PROMPT_INJECTION]: Mandatory Evidence Chain for Indirect Prompt Injection:
  - Ingestion points: Files matching **/*.swift are read by the Grep, LSP, and Read tools.
  - Boundary markers: The skill does not implement delimiters or 'ignore' instructions for the content of the files it scans.
  - Capability inventory: The skill can execute shell commands via Bash, write reports via Write, and perform interactive actions via AskUserQuestion (including deleting files and committing to Git).
  - Sanitization: Extracted source content is used in reports and shell commands without explicit sanitization or escaping of the values.
Audit Metadata