caveman-compress
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external programs to perform text processing. It invokes the `claude` CLI utility through the Python `subprocess` module. Evidence includes `subprocess.run(["claude", "--print"], ...)` in `scripts/compress.py`. The skill also defines a command-line trigger in `SKILL.md` that executes a Python module and passes file paths as arguments.
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by reading external file content and inserting it into prompts for an LLM without adequate sanitization or robust delimiters.
  - Ingestion points: The skill reads target files using `Path.read_text()` in `scripts/compress.py`.
  - Boundary markers: Prompt templates in `scripts/compress.py` use weak markers like 'TEXT:' and 'ORIGINAL:', which can be bypassed by malicious content within the files.
  - Capability inventory: The skill possesses the ability to read from and write to the filesystem, and to execute external processes.
  - Sanitization: No sanitization or escaping of the ingested text is performed before prompt construction.
Audit Metadata