tidymydesktop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface.
  - Ingestion points: `scripts/scan.js` reads filenames from the target directory, and `scripts/classify.js` uses these names to generate search queries and classifications. Filenames are untrusted data processed by the AI.
  - Boundary markers: The skill instructions lack explicit delimiters or guidance for the AI to disregard instructions embedded in filenames, which could potentially influence the AI's behavior when generating or executing a cleanup plan.
  - Capability inventory: The skill possesses the ability to move and delete files (via the referenced but missing `organize.js`) and execute code via wrapper scripts.
  - Sanitization: While `classify.js` performs some string cleaning for search queries, there is no security-focused sanitization to prevent the AI from interpreting filenames as instructions.
- COMMAND_EXECUTION (LOW): Runtime script execution via wrappers.
  - The `scripts/run.js` and `scripts/run.sh` files allow for the execution of Node.js scripts by passing arguments to a subprocess. While intended for internal use to manage nvm and platform compatibility, this mechanism can be leveraged to execute arbitrary code if arguments are manipulated.
- EXTERNAL_DOWNLOADS (SAFE): Use of standard package registries.
  - The project dependencies (`fs-extra`, `glob`, `semver`, `commander`) are standard, well-maintained libraries from the official npm registry, used for their intended purposes.