skills/kehwar/skills/compress/Gen Agent Trust Hub

compress

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to call the 'claude' CLI as a fallback for API communication. The implementation uses a fixed argument list and passes data via stdin, effectively preventing shell injection. (Ref: scripts/compress.py)
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the Anthropic API to perform text compression, either through the official Python SDK or the 'claude' CLI tool. These are well-known and official communication channels. (Ref: scripts/compress.py)
  • [DATA_EXFILTRATION]: The skill reads content from user-provided file paths and transmits it to Anthropic's API for processing. This behavior is documented and required for the tool's primary compression functionality. (Ref: scripts/compress.py)
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating raw file content into LLM prompts without using delimiters or sanitization. This could potentially allow instructions embedded within a file to influence the compression task. (Ref: scripts/compress.py, SKILL.md)
    • Ingestion points: File contents read via Path.read_text() in scripts/compress.py
    • Boundary markers: None used to separate data from instructions in prompts
    • Capability inventory: Local file writing and execution of the claude CLI
    • Sanitization: Validation is limited to file type and size checks
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 03:29 PM