compaction-detector
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a dynamic Python script generated via shell heredoc to parse session logs. It also employs complex shell pipelines involving awk, sed, and paste to manipulate file data.\n- [DATA_EXFILTRATION]: The skill accesses sensitive information by reading Claude Code session logs in ~/.claude/projects//logs/.jsonl. These files contain historical records of user interactions and model outputs.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes historical interaction data from session logs. Maliciously crafted content within these logs could be interpreted as instructions by the agent.\n
- Ingestion points: Session log JSONL files processed in SKILL.md.\n
- Boundary markers: Not implemented; log content is processed without protective delimiters.\n
- Capability inventory: Includes the Bash tool (for grep, awk, sed), Python script execution for file handling, and the Read tool for log ingestion.\n
- Sanitization: None; data from the logs is not sanitized or escaped before processing.
Audit Metadata