janitor-cleanup
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell script located at ~/.claude/skills/skills-janitor/scripts/scan.sh to perform its scanning and cleanup functions.
- [PROMPT_INJECTION]: The skill processes untrusted metadata from the local file system (directory names and symlink targets), creating a surface for indirect prompt injection.
  * Ingestion points: File system structure and metadata (folder names, symlink targets).
  * Boundary markers: Absent from the instructions.
  * Capability inventory: Shell script execution via bash.
  * Sanitization: No mention of sanitizing or escaping file system metadata before the agent parses or displays it.
Audit Metadata