ln-626-dead-code-pruning-auditor

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for passive code auditing and reporting. It explicitly forbids auto-fixing or deleting code, requiring manual review of all findings.
  • [COMMAND_EXECUTION]: Uses Bash and local MCP tools to execute linters (ESLint, Flake8) and search commands (grep). This is standard and necessary behavior for a code analysis tool.
  • [DATA_EXFILTRATION]: No evidence of network activity or unauthorized data access. The skill reads project source code to perform its audit and writes the resulting report to a locally defined output directory.
  • [PROMPT_INJECTION]: The instructions are strictly scoped to code auditing. No attempts to override agent behavior, bypass safety filters, or extract system prompts were found.
  • [INDIRECT_PROMPT_INJECTION]: As an auditor, the skill processes untrusted source code (Layer 1/Layer 2 detection). While this presents an injection surface, the skill's non-destructive nature and focus on specific linter/pattern matches mitigate the risk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 10:52 AM