code-cleanup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from local source code files to generate cleanup suggestions.
- Ingestion points: The scripts
scan_dead_code.py,scan_stale_code.py, andscan_unused_deps.pyread the content of all source files in a user-specified directory. - Boundary markers: No specific boundary markers or 'ignore' instructions are added to the output report to distinguish between the tool's logic and the data extracted from scanned files.
- Capability inventory: The skill documentation suggests that the agent (Claude) should help apply the identified changes (editing/deleting files) after reviewing the report.
- Sanitization: The scripts use AST parsing and regex to extract specific identifiers (function names, imports). While this limits the injection surface compared to raw text ingestion, a malicious actor could name a function or variable in a way that attempts to influence the agent's behavior when the 'suggestion' field is read.
- Data Exposure (SAFE): While the tool reads project files, it is designed for this specific purpose. It includes hardcoded filters to ignore sensitive directories such as
.git,node_modules, and virtual environments (venv,.venv), and it does not perform any network operations.
Audit Metadata