file-cleaner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill workflow involves generating a shell script (cleanup.sh) using find_garbage.py and executing it. This pattern is highly susceptible to command injection if filenames containing shell metacharacters (e.g., backticks, semicolons) are not rigorously escaped by the script. An attacker could create a file with a malicious name to execute arbitrary commands when the user runs the generated cleanup script.
- COMMAND_EXECUTION (HIGH): The core functionality of the skill is the deletion of system files. While it includes exclusion lists for system directories, the capability to perform destructive operations on the filesystem based on automated scanning results poses a high risk of accidental or malicious data loss, especially if run with elevated privileges (sudo) as suggested in the documentation.
- INDIRECT_PROMPT_INJECTION (MEDIUM): The skill processes external data (file paths and names). An attacker could place files with specific names designed to mislead the agent or the user during the interactive cleaning process, potentially tricking them into deleting legitimate files or bypassing safety checks.
- UNVERIFIABLE_LOGIC (MEDIUM): Key components mentioned in the documentation (find_garbage.py and clean_interactive.py) are missing from the provided files. These scripts perform the actual destructive actions and script generation, making a full safety verification impossible. The absence of these files while requesting their execution is a significant risk factor.
Recommendations
- AI detected serious security threats