dead-code-detector
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary objective is code quality improvement. All instructions and scripts are consistent with this purpose, and no malicious patterns (such as prompt injection or exfiltration) were found.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of well-known development tools. These include vulture (Python), knip (TypeScript), and cargo-udeps (Rust). These downloads target official package registries and established open-source repositories.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute code analysis commands. These executions are scoped to the intended function of identifying unused code and imports, following standard development workflows.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive file paths or unauthorized network operations were identified. The network activity is limited to package management and schema validation for configuration files (e.g., knip.json).
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it reads and analyzes source code and comments (like TODOs). This is a functional requirement for a code analysis tool. The risk is minimized by the skill's reliance on structured AST parsing via external tools and the explicit requirement for user confirmation before any code is modified or removed.
Audit Metadata