clean-component-removal
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to perform destructive operations, including the removal of files viarm -fand the termination of processes usingpkill -f. It also invokes a local shell script located at~/eon/cc-skills/plugins/tts-tg-sync/scripts/kokoro-install.shto perform uninstallation tasks. - [CREDENTIALS_UNSAFE]: The instructions explicitly target a secrets file at
~/.claude/.secrets/ccterrybot-telegramfor deletion. Accessing or managing files within credential directories is a sensitive operation that carries risk if misused. - [PROMPT_INJECTION]: The skill includes a 'Post-Execution Reflection' mechanism that commands the agent to autonomously edit the
SKILL.mdfile. This self-modification capability can be used to alter agent behavior or bypass security logic across subsequent sessions. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the
AskUserQuestiontool, where untrusted user input is collected to influence component removal logic. - Ingestion points: User selection input via
AskUserQuestionin Phase 1 ofSKILL.md. - Boundary markers: None identified; the instructions do not specify delimiters for user-provided data.
- Capability inventory: Subprocess execution via
Bash(includingrm,pkill, and local script execution). - Sanitization: None identified; the workflow lacks explicit validation or escaping of the user's choice before execution.
Audit Metadata