clean
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations (`mv`, `rm -rf`) on file paths discovered by a sub-agent. These paths are whitelisted by directory but not sanitized for shell metacharacters like `$()`, backticks, or semicolons. An attacker could create a file with a malicious name in a whitelisted directory to trigger command execution during cleanup.
- [PROMPT_INJECTION]: The skill relies on a sub-agent to discover artifacts, creating an indirect prompt injection surface.
- Ingestion points: The skill spawns a sub-agent to scan project files including `.workflow/project-tech.json`, `.claude/rules/tech/`, and `src/` to identify cleanup targets.
- Boundary markers: Absent. No instructions are provided to the sub-agent to treat file content as untrusted or to avoid processing instructions embedded within the scanned data.
- Capability inventory: The skill possesses extensive filesystem capabilities, including the ability to execute `bash` commands for moving and deleting directories/files based on sub-agent output.
- Sanitization: While the skill performs basic path traversal checks (detecting `..`) and verifies directory prefixes, it fails to sanitize for shell injection characters in the discovered file paths before execution.
Recommendations
- AI detected serious security threats
Audit Metadata