context-compressor
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): High attack surface for indirect prompt injection through data processing. 1. Ingestion points: The skill is designed to process external untrusted content including 'Research results', 'Code files', and 'Documents' as outlined in
SKILL.md. 2. Boundary markers: Absent; the protocol does not define delimiters to separate untrusted inputs from the agent's instructions in the compressed output. 3. Capability inventory: No internal script execution or network capabilities are present in the skill files, but the output directly influences the agent's reasoning context. 4. Sanitization: Absent; the skill instructions specifically mandate that the agent 'keep' elements like 'Decisions' and 'Action items' which are primary vectors for spoofed instructions in external documents. - NO_CODE (SAFE): The skill consists entirely of markdown protocols and YAML configuration files with no executable scripts or binaries identified.
Audit Metadata