Security Audit

Sounder25/Google-Antigravity-Skills-Library:04_clean_artifacts

github.com/Sounder25/Google-Antigravity-Skills-Library

AI SkillCommit 09376edc64e9

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

Sounder25/Google-Antigravity-Skills-Library:04_clean_artifacts received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Deletion via --target parameter.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 28, 2026 (commit 09376edc). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

85%

Dependency Graph

100%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

1 finding

Security Findings1

Severity	Finding	Layer	Location
HIGH	Arbitrary File Deletion via --target parameter The skill's documentation indicates that the `--target` parameter (type `string[]`) allows users to specify 'Folders to remove'. If the underlying `clean_artifacts.ps1` script directly uses these user-provided strings in file deletion commands (e.g., `Remove-Item` or `rm -rf`) without robust path validation or sanitization, an attacker could specify arbitrary paths (e.g., `/`, `../..`, `C:\Windows`) leading to the deletion of sensitive system files or directories. This could result in denial of service, data loss, or system instability. While the 'Safety/QA Checks' mention 'only deletes explicit target list (`bin`, `obj`)' if not using git, the `--target` parameter's description contradicts this by implying user-defined targets are accepted, creating an ambiguity that must be treated as a vulnerability in the absence of the actual script for verification. 1. Implement Strict Path Validation: The `clean_artifacts.ps1` script must rigorously validate all user-provided `--target` paths. Only allow deletion of subdirectories within the current workspace or a predefined, safe set of relative paths. Prevent any absolute paths, paths containing '..', or paths outside the intended scope. 2. Whitelist Directories: Instead of allowing arbitrary strings, consider whitelisting specific directory names (e.g., `bin`, `obj`, `node_modules`, `dist`, `build`) that can be removed. 3. User Confirmation: For any non-default or potentially sensitive targets, prompt the user for explicit confirmation before deletion. 4. Clarify Documentation: If the `--target` parameter is strictly limited to a whitelist or ignored in certain contexts, update the `SKILL.md` to clearly reflect these safety measures.	Static	SKILL.md:24

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/807a25f095802c99.svg)](https://skillshield.io/report/807a25f095802c99)