clean-my-room
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses common shell utilities (du, ls, fd, rm, mv) to perform its core functions of inventorying and managing files within the user's workspace.
- [DATA_EXFILTRATION]: While the skill scans local file system metadata (file names and sizes), it lacks any network-capable commands (such as curl or wget) or instructions to transmit this data externally.
- [EXTERNAL_DOWNLOADS]: The skill's documentation contains links to external resources for inspiration, including a third-party website (mcpmarket.com) and a GitHub repository (matsuni-kk/agent_template_public), which are used for informational purposes only and do not involve automated execution or package installation.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests untrusted data from the local file system (file and directory names).
  - Ingestion points: File system metadata (names/paths) and the content of .gitignore files.
  - Boundary markers: None explicitly defined in the instructions for separating file data from agent instructions.
  - Capability inventory: Includes the ability to delete files (rm, trash), move files (mv, git mv), and modify files (.gitignore revision).
  - Sanitization: No specific sanitization or validation of file names is mentioned before they are processed or displayed to the user.