clean-artifacts
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses dynamic context injection (the '!' syntax) in the SKILL.md file to execute benign local commands for status reporting, such as counting markdown files and checking the git history of the manifest. These operations are restricted to local disk and version control metadata.
- [SAFE]: Supporting scripts like
manifest-sync.tsandbootstrap-experience.tsimplement robust path validation, ensuring that file writes and reads remain within the project scope and refusing to follow or overwrite symbolic links. - [SAFE]: The skill defines clear 'HARD-NEVER' rules that prevent the agent from touching sensitive directories like
.git,node_modules, or canonical research and brand folders, regardless of their age or manifest status. - [SAFE]: The process for archiving files includes a mandatory human-in-the-loop confirmation step for each category of artifacts identified (STALE, ORPHAN, LEGACY, EPHEMERAL), ensuring the operator retains final control over all changes.
Audit Metadata