The Agent Skills Directory

[COMMAND_EXECUTION]: The cleanup script generation feature is vulnerable to command injection because it fails to sanitize file paths.
Evidence: In scripts/find_garbage.py, the generate_cleanup_script function concatenates file paths directly into shell command strings: f.write(f"rm -f \"{file['path']}\"\n").
Risk: Maliciously crafted filenames containing shell metacharacters (e.g., backticks, $(), or ;) will be executed by the system shell when the generated script is run.
[COMMAND_EXECUTION]: The skill performs destructive operations on the filesystem including recursive directory deletion.
Evidence: scripts/clean_interactive.py uses shutil.rmtree and Path.unlink to remove data from the host machine.
Risk: While the skill provides an exclusion list for system directories, the logic is limited and could still allow for the unintended deletion of critical user data or system configurations.
[COMMAND_EXECUTION]: The skill is susceptible to indirect prompt injection via file system metadata.
Ingestion points: scripts/find_garbage.py and scripts/find_large_files.py ingest file names and paths directly from the local file system using os.walk.
Boundary markers: Absent; the tool does not use delimiters or instructions to ignore malicious content embedded in file metadata.
Capability inventory: The skill possesses the capability to delete files/directories and generate executable shell scripts.
Sanitization: Absent; file metadata (paths/names) is not escaped or validated before being used in script generation or interactive cleanup commands.

file-cleaner