janitor-search
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (~/.claude/skills/skills-janitor/scripts/search.sh) to perform its primary search and comparison functions.
- [EXTERNAL_DOWNLOADS]: The skill fetches repository metadata from the GitHub API. Interacting with this well-known service is expected for a search utility and does not involve downloading untrusted executable code.
- [PROMPT_INJECTION]: The skill processes untrusted metadata from GitHub search results, creating an indirect prompt injection surface.
  1. Ingestion points: Data enters via search results fetched from GitHub.
  2. Boundary markers: None mentioned in the skill instructions.
  3. Capability inventory: The skill can execute local scripts and access the network.
  4. Sanitization: No sanitization of the external data is described.
Audit Metadata