mac-software-storage-cleanup
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/cleanup_priority1.shexecutes destructiverm -rfcommands on the contents of$HOME/Library/Cachesand$HOME/Library/Developer/CoreSimulator. While categorized as low-risk by the skill, this operation permanently deletes data. - [COMMAND_EXECUTION]: The script
scripts/report_sizes.shimplements an arbitrary file write capability by redirecting its report output to a path provided as a command-line argument. This could be used to overwrite existing system or user files. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the handling of file system paths in
scripts/report_sizes.shandscripts/list_priority2_candidates.sh. - Ingestion points: Path arguments passed to scripts via the agent.
- Boundary markers: The
SKILL.mdfile contains instructional boundaries requiring user confirmation before cleanup, but the underlying shell scripts lack technical delimiters or input validation. - Capability inventory: File system deletion (
rm -rf), file creation (>), and directory scanning (find,du). - Sanitization: Scripts use double-quoting for variables to prevent word splitting, but do not validate paths for traversal or sensitive targets.
Audit Metadata