safe-remove
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to construct shell commands for searching (grep) and deletion (rm) using an interpolated argument. This presents a command injection risk if a user provides an asset name containing shell metacharacters, potentially allowing arbitrary command execution within the agent's restricted shell environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes content from various project files (agents, rules, skills, and documentation) to identify references. Maliciously crafted content in these files could influence the agent's decisions during classification or lead to unauthorized patching actions.
  - Ingestion points: Multiple files across the repository, including agents/*.md, rules/*.md, and skills/*/SKILL.md.
  - Boundary markers: No delimiters or safety instructions are specified to prevent the agent from obeying instructions embedded in the scanned files.
  - Capability inventory: The agent has access to the Edit, Write, and Bash tools, providing significant surface for file modification and system interaction.
  - Sanitization: The skill does not instruct the agent to sanitize or validate the content discovered during scans before using it to plan patches.