midnight-compact
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation instructs users to install the Compact compiler by piping a remote script from GitHub directly into the shell. The script is sourced from the official repository of the technology (midnightntwrk).
- [COMMAND_EXECUTION]: The 'scripts/compile-compact.py' script executes the 'compact' binary locally via 'subprocess.run' to compile contract files. This is an intended development capability but allows the execution of system commands.
- [EXTERNAL_DOWNLOADS]: The skill guides users to download tools from official sources, including the Midnight CLI from NPM and the compiler from GitHub.
- [PROMPT_INJECTION]: The 'scripts/compile-compact.py' script processes user-supplied file paths and content to invoke the compiler, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided file paths and the content of contract files processed by 'scripts/compile-compact.py'.
  - Boundary markers: None used to differentiate untrusted contract code from the agent's internal instructions.
  - Capability inventory: Local file access and system command execution via 'subprocess.run' in 'scripts/compile-compact.py'.
  - Sanitization: No validation or sanitization is applied to the input file paths before they are used in system calls.
Audit Metadata