janitor-audit
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local shell script (
~/.claude/skills/skills-janitor/scripts/scan.sh) to perform its inventory functions. As this script is not included in the provided content, its specific commands and safety cannot be verified. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) by ingesting untrusted data from the file system.
- Ingestion points: Metadata (names, descriptions) from SKILL.md files in
~/.claude/skills/,./.claude/skills/, and account-level plugin directories. - Boundary markers: Absent; results are rendered directly into a summary table without instructions to ignore embedded content.
- Capability inventory: Shell execution via bash.
- Sanitization: There is no evidence of sanitization or escaping of the ingested metadata before it is presented to the agent context.
- [DATA_EXFILTRATION]: The skill scans potentially sensitive directories, including
~/.claude-account-personal/plugins/and~/.claude-account-company/plugins/. While this is aligned with its stated purpose of skill auditing, these locations may contain private account configurations or plugin-specific information.
Audit Metadata