Skills
skills/jamie-bitflight/claude_skills/cleanup/Gen Agent Trust Hub

cleanup

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system commands using the $ARGUMENTS variable, which can be manipulated to execute arbitrary code if malicious input is provided.\n
  • Evidence: Shell blocks in SKILL.md execute uv run ruff, uv run ty, and uv run pytest using $ARGUMENTS.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) due to the lack of sanitization for input data that influences execution flow.\n
  • Ingestion points: The $ARGUMENTS variable in SKILL.md.\n
  • Boundary markers: Absent. No quotes or delimiters are used to wrap the input variable.\n
  • Capability inventory: Shell command execution via uv (includes ruff, ty, mypy, and pytest) in SKILL.md.\n
  • Sanitization: Absent. User input is passed directly to the shell interpreter.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 08:42 AM