repo-cleanup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes powerful commands such as `rm -rf` for removing build artifacts and `git mv` for reorganization. While appropriate for the skill's primary purpose of repository cleanup, these operations carry risk if executed on incorrect paths or without sufficient validation. Safety rules in the skill attempt to mitigate this by requiring tests and user confirmation.
- [EXTERNAL_DOWNLOADS] (LOW): Several cleanup steps involve executing third-party tools via `npx` (e.g., `ts-prune`, `depcheck`, `unimported`). These tools are executed without version pinning, introducing a dependency on the external npm registry and the integrity of the packages at runtime.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted data from the repository files it analyzes to make cleanup decisions.
  - Ingestion points: Read operations on source code, markdown documentation, and configuration files throughout the repository (documented in code-cleanup.md and docs-cleanup.md).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands or malicious instructions within the analyzed files.
  - Capability inventory: Bash (rm, mv, mkdir), npx (remote tool execution), and file write capabilities across all script references.
  - Sanitization: No sanitization or validation of file content is performed before it is used to influence the agent's logic for identifying 'dead code' or 'completed tasks'.
Audit Metadata