context-compression
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it summarizes raw conversation history and incorporates that summary back into the agent's active context.
- Ingestion points: Untrusted conversation content enters the system via the StructuredSummarizer and ProbeGenerator classes in scripts/compression_evaluator.py.
- Boundary markers: The skill employs structured markdown headers to organize summaries as described in SKILL.md, but it does not include explicit instructions for the agent to disregard instructions found within the summarized data.
- Capability inventory: Analysis of scripts/compression_evaluator.py confirms the absence of dangerous operations such as command execution, network requests, or file system modifications.
- Sanitization: No validation or escaping of the ingested conversation history was found prior to its inclusion in the generated summaries.
Audit Metadata