lovable-cleanup

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands including grep, ls, and npm to audit and modify the project structure. These commands are used for their intended purpose of text searching and package management within the user's project directory.
  • [DATA_EXPOSURE]: The skill scans project environment files (.env, .env.local) to identify platform-specific keys. It explicitly includes a sed command to redact the values of these keys, preventing sensitive information from being displayed in the agent's output or context.
  • [INDIRECT_PROMPT_INJECTION]: As the skill processes project files which may contain untrusted data, there is a theoretical surface for indirect injection. However, the skill treats file content as static text for searching and does not interpolate file content into instructions or execute it, mitigating this risk.
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and official repositories for Lovable, Radix UI, and shadcn/ui. These are well-known developer resources and do not involve the execution of untrusted remote code.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 01:16 PM