mac-cleanup
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands like 'rm -rf' on numerous system and user paths including '
/Library/Caches', '/Library/Logs', and '~/Library/Developer/Xcode/DerivedData' to perform file deletions. - [COMMAND_EXECUTION]: It invokes system and developer tools such as 'brew cleanup', 'npm cache clean --force', and 'docker system prune' for maintenance tasks.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting and displaying file names from user-controlled locations like the Downloads folder. Evidence: Ingestion points: File and directory listings from '~/Downloads' and iOS backup paths. Boundary markers: Absent; the skill does not use delimiters to isolate external file names from the agent's instructions. Capability inventory: Includes destructive file deletion commands. Sanitization: No evidence of validation or escaping for ingested file names.
Audit Metadata