audit
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage files and version control. It executes
rmto delete files identified as "cruft" and usesgit addandgit committo finalize cleanup actions. These operations are core to the skill's purpose and are initiated only after the user selects "Fix now" during the interactive triage phase. - [COMMAND_EXECUTION]: The skill integrates with a CLI tool named
kspecfor session management and task tracking (e.g.,kspec task add,kspec inbox add). This tool is part of the author's environment and is used according to its intended functionality. - [INDIRECT_PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection as it scans untrusted codebase content (comments, documentation, and external configuration files) and provides this data to sub-agents.
- Ingestion points: The skill reads data from
src/,tests/,docs/,package.json, and.kspec/directories. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the sub-agent exploration prompts.
- Capability inventory: The agent can delete files (
rm), modify files (Edit tool), commit code to git, and manage tasks via thekspecCLI. - Sanitization: No specific sanitization or filtering of codebase content is mentioned; however, the risk is significantly mitigated by the mandatory "Interactive Triage" phase (Phase 3), which ensures that no execution happens without direct user confirmation.
Audit Metadata