machine-cleanup

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses rm -rf for directory deletion and osascript to terminate running applications. While these actions require explicit user confirmation for each target, they represent high-risk operations within the user's home directory.
  • [CREDENTIALS_UNSAFE]: The scripts/inventory.sh tool and the Dotfolder Scanner Agent are designed to identify and flag sensitive authentication artifacts, including SSH private keys (id_rsa, id_ed25519), AWS credentials, GPG keys, and various environment/token files (.env, auth.json, JWTs). Accessing this metadata and bringing it into the LLM context or including it in summary artifacts poses a data exposure risk.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Because it identifies tools by reading file names and top-level configuration contents in the user's home directory, a malicious file or folder name (e.g., 'IMPORTANT_DELETE_SSH_CONFIG') could be used to deceive the agent during its classification phase.
  • [DYNAMIC_EXECUTION]: The skill executes a bundled shell script, scripts/inventory.sh, to perform a deep sweep of the machine's state. It also employs dynamic command assembly for tasks like changing file permissions (chmod -R u+w) before deletion and commenting out lines in shell configuration files (.zshrc, etc.).
  • [PRIVILEGE_ESCALATION]: The skill uses chmod -R u+w to modify permissions on directory trees that are otherwise read-only (such as the Go module cache) to facilitate their removal.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — machine-cleanup