macos-cleaner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill makes extensive use of the
subprocess.runfunction to interact with system utilities likedu,df,find,docker,brew,npm, andpip. These calls are implemented using list-style arguments rather than shell strings, effectively preventing shell command injection vulnerabilities. - [DATA_EXPOSURE] (SAFE): The scripts access various system paths, including
~/Library/Cachesand~/Library/Application Support, to calculate disk usage and identify orphaned files. This access is strictly limited to metadata (filenames and sizes) necessary for the cleanup functionality, and no data is transmitted to external servers. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from the local file system in the form of directory and file names. While this presents a theoretical surface for indirect prompt injection if an agent blindly trusts the output strings, the scripts do not evaluate these names as code or instructions, and they provide interactive confirmation steps for destructive actions like deletion.
Audit Metadata