dead-code
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill follows best practices for a diagnostic tool, focusing on read-only analysis of a code graph without attempting to modify the filesystem or perform network operations.
- [COMMAND_EXECUTION]: The skill utilizes a specialized `search()` tool to interact with a repository analysis graph (RNA). This tool use is consistent with the stated purpose of identifying dead code and does not involve arbitrary shell command execution.
- [PROMPT_INJECTION]: The instructions are task-oriented and do not contain patterns designed to bypass AI safety guidelines or override system prompts.
- [DATA_EXFILTRATION]: No network activity, hardcoded credentials, or access to sensitive local configuration files (e.g., .ssh, .aws) were found.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests data from a repository via the `search()` tool, its capabilities are limited to data retrieval and reporting. There are no write operations or executable pathways that would allow malicious code in the scanned repository to influence the agent's environment beyond the reported findings.
Audit Metadata