cleaning-wsl-docker
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses potentially destructive commands such as
rm -rfto delete cache and log directories within the WSL environment. These operations pose a risk of unintended data loss if the target paths are incorrectly specified or maliciously influenced. - [COMMAND_EXECUTION]: The skill provides instructions for the user to execute
diskpartwith Administrator privileges. While intended for disk compaction, this involves guiding the user through high-privilege system operations that could be dangerous if misconfigured. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its handling of project paths.
- Ingestion points: Untrusted project paths enter the agent context in
SKILL.mdduring the cleanup phase. - Boundary markers: The skill lacks delimiters or warnings to ignore embedded instructions within the interpolated paths.
- Capability inventory: The skill possesses directory deletion capabilities via
rm -rfandfindcommands inSKILL.md. - Sanitization: There is no evidence of input validation or shell escaping for user-provided paths before they are used in commands.
- [COMMAND_EXECUTION]: The skill uses dynamic execution by instructing the AI or user to update and run a
diskpartscript (compact-wsl.txt) containing local file system paths.
Audit Metadata