ln-724-replit-cleaner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill explicitly defines and executes destructive shell commands including
rm -rf .local/ .cache/ .upm/ .breakpoints. - Evidence: Phase 4.1 in
SKILL.mdand the 'Execute Phase' indiagram.htmlshow direct calls torm -rfon common directory names. - Risk: Without strict path validation or scoping, there is a high risk of deleting critical user data if the agent's current working directory is misaligned.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill processes and modifies untrusted external content from an exported project, including source code,
package.json, andvite.config.ts. - Ingestion Points:
package.json,vite.config.ts, and all**/*.{ts,tsx,js,jsx}files. - Boundary Markers: Absent. The tool reads file contents directly for pattern matching and replacement.
- Capability Inventory: Subprocess execution (
rm,rm -rf) and file write operations. - Sanitization: Absent. The skill uses line-based filtering and JSON parsing but does not sanitize content against potential agent-steering instructions embedded in comments or metadata.
- [DATA_EXPOSURE] (LOW): While the tool primarily deletes data, it scans the entire project structure for specific patterns, which involves reading sensitive configuration files like
.replitandpackage.json.
Recommendations
- AI detected serious security threats
Audit Metadata