Skills
skills/mkdir700/myskills/archive-and-cleanup-vibe-docs/Gen Agent Trust Hub

archive-and-cleanup-vibe-docs

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform file system operations, specifically for identifying and deleting temporary artifacts like plan*.md, progress*.md, and agent logs.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it ingests untrusted data from various sources.
  • Ingestion points: Processes temporary documents including plan*.md, progress*.md, task*.md, design notes, and agent logs (Step 1).
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the extraction phase.
  • Capability inventory: The agent has access to Bash, Write, Edit, Glob, and Grep across the workspace.
  • Sanitization: No sanitization or validation of the content of the temporary files is performed before extraction or migration.
  • [DATA_EXFILTRATION]: The skill includes instructions to migrate TODOs and follow-up items to GitHub Issues (Step 3), which involves sending internal project data to an external service provider.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:38 AM