maintaining-windows-health
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill performs disk cleanup using native Windows tools and bare file deletions. These operations are strictly gated by a dedicated validator script (apply-cleanup-selection.py) that implements NTFS path canonicalization, longest-prefix-wins classification, and rejection of command-chaining metacharacters.
- [EXTERNAL_DOWNLOADS]: The installation script (Install-WinHealthCheck.ps1) fetches the BurntToast module from the Microsoft PowerShell Gallery to enable desktop notifications. This is a standard dependency for the monitoring feature.
- [COMMAND_EXECUTION]: The skill utilizes Task Scheduler to persist a health-monitoring script (win-health-check.ps1) that runs in the interactive user session. This is an intended persistence mechanism for proactive alerting.
- [COMMAND_EXECUTION]: The Audit-WinHealth.ps1 script executes various native Windows diagnostic tools (DISM, vssadmin, pnputil) to collect system health data. These are read-only operations used for initial assessment.
Audit Metadata