janitor-fix
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a bash script (~/.claude/skills/skills-janitor/scripts/fix.sh) to perform file system operations such as editing frontmatter and deleting orphaned directories or broken symlinks. This is standard behavior for an administrative tool.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it processes data from external sources (other skills in the local environment).
  - Ingestion points: Reads folder names and SKILL.md content from other installed skills to repair descriptions and frontmatter.
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are mentioned for the ingestion process.
  - Capability inventory: Executes bash scripts and performs file modifications/deletions.
  - Sanitization: No sanitization of the ingested data is described in the documentation.

  This presents a theoretical risk of command injection if a malicious skill with a specially crafted name or metadata field is present in the environment.
Audit Metadata