context-manager
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script compress.sh performs file deletions using the rm command on session JSONL files located in ~/.openclaw/agents/ to reset session state. This is a documented core functionality of the skill but involves destructive file system operations.
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection by ingesting untrusted session history for summarization. 1. Ingestion points: compress.sh reads session transcripts from ~/.openclaw/agents/agent_id/sessions/. 2. Boundary markers: No delimiters or explicit ignore instructions are used when passing the history to the agent. 3. Capability inventory: The skill has the ability to delete session files, create backups, and send arbitrary messages to the agent via the openclaw CLI. 4. Sanitization: No sanitization is performed on the text content of the history before processing.
Audit Metadata