file-cleaner
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill enforces a strict whitelist for file operations, limiting deletions to 'temp/', 'logs/', and 'cache/' directories relative to the workspace root.
- [SAFE]: Path traversal attacks are mitigated through the use of
path.resolve(), which normalizes user-provided input before validating it against the allowed prefixes. - [SAFE]: Explicit checks are included to prevent the deletion of critical directories such as the workspace root and the 'skills/' directory itself.
- [SAFE]: The code uses only built-in Node.js modules (
fsandpath) and contains no external dependencies, remote code downloads, or network communication.
Audit Metadata