machine-cleanup
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
rm -rffor directory deletion andosascriptto terminate running applications. While these actions require explicit user confirmation for each target, they represent high-risk operations within the user's home directory. - [CREDENTIALS_UNSAFE]: The
scripts/inventory.shtool and the Dotfolder Scanner Agent are designed to identify and flag sensitive authentication artifacts, including SSH private keys (id_rsa,id_ed25519), AWS credentials, GPG keys, and various environment/token files (.env,auth.json, JWTs). Accessing this metadata and bringing it into the LLM context or including it in summary artifacts poses a data exposure risk. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Because it identifies tools by reading file names and top-level configuration contents in the user's home directory, a malicious file or folder name (e.g., 'IMPORTANT_DELETE_SSH_CONFIG') could be used to deceive the agent during its classification phase.
- [DYNAMIC_EXECUTION]: The skill executes a bundled shell script,
scripts/inventory.sh, to perform a deep sweep of the machine's state. It also employs dynamic command assembly for tasks like changing file permissions (chmod -R u+w) before deletion and commenting out lines in shell configuration files (.zshrc, etc.). - [PRIVILEGE_ESCALATION]: The skill uses
chmod -R u+wto modify permissions on directory trees that are otherwise read-only (such as the Go module cache) to facilitate their removal.
Audit Metadata