The Agent Skills Directory

Privilege Escalation (HIGH): The documentation (SKILL.md) and script output (scan_cache.sh) explicitly instruct the user to execute 'sudo rm -rf' on system-wide directories such as /Library/Caches and /tmp. This encourages high-privilege operations that can lead to system instability or data loss if misused.
Command Execution (MEDIUM): The script 'scripts/generate_cleanup_commands.sh' dynamically generates an executable bash script ('safe_delete.sh') using heredocs. This generated script performs recursive deletions (rm -rf) on files passed as arguments. While it includes a 'yes/no' confirmation prompt, the pattern facilitates mass data destruction.
Data Exposure (HIGH): The scanning scripts target highly sensitive locations including '~~/Library/Logs', '/private/var/log', and '~~/Library/Caches'. These locations often contain session tokens, personal identifiers, and application metadata that could be exposed during the scanning process.
External Downloads (LOW): The skill requires the installation of external software ('brew install fdupes'). Per [TRUST-SCOPE-RULE], as Homebrew is a common tool, this is rated as LOW, but the dependency introduces an external attack vector.
Indirect Prompt Injection (MEDIUM): The scanning scripts ('scan_dev_files.sh', 'scan_large_files.sh') ingest filenames directly from the filesystem. If a malicious file is named using shell metacharacters (e.g., '; command ;'), it could potentially lead to unintended command execution when the agent or user processes the resulting lists or suggested commands.

mac-cleaner