genshijin-compress
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads local file content and sends it to the Anthropic API (via the anthropic library or the claude CLI) for compression. This is the intended behavior of the tool. It includes a proactive is_sensitive_path heuristic check to prevent the accidental upload of credentials, environment files, and private keys to the third-party service.
- [COMMAND_EXECUTION]: The skill executes the claude CLI tool using subprocess.run to handle LLM requests. The implementation uses a static argument list and passes data via standard input, which effectively prevents shell injection vulnerabilities.
- [PROMPT_INJECTION]: The skill processes untrusted natural language files and interpolates their content into a system prompt for the LLM. This creates an indirect prompt injection surface where a malicious file could attempt to influence the LLM's output.
- Ingestion points: Content is read from local files in scripts/compress.py.
- Boundary markers: The file content is delimited by a "テキスト:" label within the prompt.
- Capability inventory: The skill can read and overwrite local files and execute the claude CLI.
- Sanitization: The tool implements a comprehensive blacklist of sensitive file names and paths (e.g., .env, .ssh/, secrets) to minimize the risk of sensitive data exposure.
Audit Metadata