Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted conversation history to generate summaries, creating a surface for indirect prompt injection attacks.
  - Ingestion points: marker_compressor.py accepts input via stdin or a file path provided in the --input argument.
  - Boundary markers: The output uses --- delimiters between sections but does not include explicit instructions for the receiving LLM to ignore potentially malicious embedded commands.
  - Capability inventory: While the script itself only performs text processing and I/O, its output is intended to influence agent behavior by providing context.
  - Sanitization: No filtering or escaping is applied to extracted code blocks, file paths, or error messages, allowing attacker-controlled instructions to persist in the compressed summary.
Audit Metadata