context-compressor
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands via Python subprocesses and Node.js spawn operations. Specifically, it calls 'python' and 'pnpm' in 'scripts/main.cjs' to perform codebase searches and compression tasks. The bundled reference scripts in 'references/skill-creator-reference/' also execute 'claude -p' to run evaluations and optimizations, and 'lsof' to manage local network ports.
- [INDIRECT_PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it is designed to ingest and process untrusted external data, such as RAG payloads and user-provided codebases.
  - Ingestion points: External text and JSON files are read in 'scripts/compress_context.py' and 'scripts/run_skill_workflow.py'.
  - Boundary markers: The compression engine does not automatically wrap its output in security delimiters (e.g., XML tags or clear boundaries) to separate processed untrusted content from the rest of the agent's prompt.
  - Capability inventory: The skill environment permits 'Bash', 'Write', and 'Read' operations, which could be abused if malicious instructions in the compressed context are followed by the agent.
  - Sanitization: There is no explicit sanitization of the input text to remove potential injection strings, as the tool's purpose is to preserve evidence.
- [COMMAND_EXECUTION]: The 'references/skill-creator-reference/eval-viewer/generate_review.py' script starts a local web server (HTTPServer) on 127.0.0.1 to provide a graphical interface for reviewing evaluation results. While this is a local-only service, it represents a runtime network surface for data visualization.
- [SAFE]: Metadata in 'SKILL.md' includes fields like 'verified: true' and 'lastVerifiedAt'. While these might be interpreted as official platform safety claims, they are treated as non-authoritative data in this analysis.