purgetss

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates potential privilege escalation through the purgetss sudo-update (alias su) command, which is documented to execute sudo npm install -g purgetss to manage global tool updates.
  • [COMMAND_EXECUTION]: The skill implements a persistence and automated execution mechanism via the purgetss watch command. This utility modifies the project's alloy.jmk file to inject a pre:compile task that runs require('child_process').execSync('purgetss', ...) every time the application is compiled.
  • [REMOTE_CODE_EXECUTION]: Multiple commands provided by the skill, such as purgetss create and purgetss install-dependencies, trigger the execution of npm install. This process involves downloading and running code from external registries at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill provides functionality to fetch assets like icon fonts and development configuration files from various external sources, including GitHub and font provider domains.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 10, 2026, 01:56 PM