maintaining-windows-health

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs disk cleanup using native Windows tools and bare file deletions. These operations are strictly gated by a dedicated validator script (apply-cleanup-selection.py) that implements NTFS path canonicalization, longest-prefix-wins classification, and rejection of command-chaining metacharacters.
  • [EXTERNAL_DOWNLOADS]: The installation script (Install-WinHealthCheck.ps1) fetches the BurntToast module from the Microsoft PowerShell Gallery to enable desktop notifications. This is a standard dependency for the monitoring feature.
  • [COMMAND_EXECUTION]: The skill utilizes Task Scheduler to persist a health-monitoring script (win-health-check.ps1) that runs in the interactive user session. This is an intended persistence mechanism for proactive alerting.
  • [COMMAND_EXECUTION]: The Audit-WinHealth.ps1 script executes various native Windows diagnostic tools (DISM, vssadmin, pnputil) to collect system health data. These are read-only operations used for initial assessment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 01:44 AM
Security Audit — agent-trust-hub — maintaining-windows-health