repo-cleanup
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the bash tool to perform essential cleanup tasks, including directory creation (mkdir), file movement (mv, git mv), and removal of build artifacts (rm -rf). It also performs git operations to prune merged branches and tag unmerged work for archival.
- [EXTERNAL_DOWNLOADS]: The instructions recommend running several well-known Node.js utilities via npx (e.g., ts-prune, depcheck, unimported, license-checker) to identify unused exports, dependencies, and files within the codebase.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill analyzes content from the local repository to generate reports and determine cleanup actions.
  - Ingestion points: Content is read from source code, documentation, and configuration files using Read, Glob, and Grep tools.
  - Boundary markers: No specific delimiters are employed to isolate repository content from the agent's internal reasoning.
  - Capability inventory: The skill possesses the ability to modify the filesystem (Write, Edit) and execute shell commands (Bash).
  - Sanitization: Input data from the repository is not explicitly sanitized; however, the skill mandates safety procedures such as running tests, verifying builds, and obtaining user confirmation before proceeding with deletions.