cleanup-package-json
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Command Execution (LOW): The skill uses shell commands (
rm -rf,npm/yarn/pnpm install) to reset the local development environment. These are standard operations for dependency management but involve destructive file operations. - Indirect Prompt Injection (LOW): The skill processes untrusted data from the local project which could influence agent behavior.
- Ingestion points:
package.json, project source code (e.g.,src/,lib/), and CI workflow files (.github/workflows/). - Boundary markers: Absent; there are no specific delimiters used to separate the content of files from the agent's instructions.
- Capability inventory: The skill has the ability to modify configuration files, rewrite CI workflows, and execute shell commands.
- Sanitization: Absent; however, the workflow explicitly includes a user-review step (Step 2) before modifications are performed.
- External Downloads (LOW): The skill triggers the download of external packages from official registries (npm/yarn/pnpm) during the lockfile regeneration process, which is the intended behavior of the tool.
Audit Metadata