ito-cleanup
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill detects and executes shell commands defined in the project's configuration files (such as
package.json,Rakefile, orMakefile) to run test suites. This behavior is a standard feature for development tools but relies on the integrity of the scripts defined within the project environment. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes untrusted source code and git diffs provided in the project context.
- Ingestion points: Source code files, git change diffs, and project configuration files (e.g.,
CLAUDE.md). - Boundary markers: There are no explicit delimiters or specific instructions provided to the agent to treat the ingested code content as data rather than instructions.
- Capability inventory: The agent has the authority to modify files and execute local shell commands (testing scripts).
- Sanitization: The skill does not describe any sanitization or validation logic for the code it cleans, relying instead on the model's inherent ability to parse programming languages.
Audit Metadata