clean-code
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands such as grep, awk, and sort to perform static analysis of source files located in the src directory.
- [EXTERNAL_DOWNLOADS]: The skill uses npx to execute the ts-unused-exports package, which may download the utility from the npm registry if not already present.
- [PROMPT_INJECTION]: The skill processes source code from the src directory, which represents an indirect prompt injection attack surface.
  - Ingestion points: The skill reads file contents using grep commands within the src directory as seen in SKILL.md.
  - Boundary markers: No specific delimiters or instructions are used to distinguish file content from the agent's command context.
  - Capability inventory: The skill executes shell commands to perform its analysis tasks.
  - Sanitization: No sanitization or escaping is performed on the data read from the source files.