eng-codebase-cleanup
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs potentially destructive file system operations, including `find -delete` and `rm -rf`, to remove identified junk files and empty directories.
- [COMMAND_EXECUTION]: The workflow involves executing external binaries and project-specific scripts such as `npm test`, `pytest`, and `npm run build`. This presents a risk of Indirect Remote Code Execution if the repository being cleaned contains malicious configurations in `package.json` or test files.
- [DATA_EXFILTRATION]: The included Python script `scripts/analyze_codebase.py` reads the contents of all source files to build a dependency graph, providing the agent with access to the project's source code, which may contain sensitive information.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes untrusted data from the codebase to drive cleanup decisions.
- Ingestion points: All source code files within the project directory are read and analyzed via the `scripts/analyze_codebase.py` script and shell commands like `grep` and `find`.
- Boundary markers: The skill lacks explicit boundary markers or instructions for the agent to ignore malicious patterns embedded within the analyzed code comments or file metadata.
- Capability inventory: The agent has the ability to delete files, modify the git history, and execute arbitrary shell commands defined in the project's build system (e.g., package scripts).
- Sanitization: No sanitization or validation of the analyzed file content is performed to prevent instructions embedded in the code from influencing the agent's behavior.