compound-engineering
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads and executes the 'compound-engineering' package via npx from the npm registry. This package originates from an unverified source (lxgicstudios).
- [REMOTE_CODE_EXECUTION]: The use of npx facilitates the execution of remote code at runtime without explicit version pinning or integrity checks.
- [COMMAND_EXECUTION]: Requests the modification of system persistence layers, including crontab entries and the creation of macOS LaunchAgents plists in ~/Library/LaunchAgents/.
- [PROMPT_INJECTION]: The skill implements a self-improving loop that ingests raw session data to update core instructions (AGENTS.md) and long-term memory (MEMORY.md).
  - Ingestion points: Historically stored session data and chat logs from the last 24 hours.
  - Boundary markers: None present; the agent is not instructed to ignore or treat instructions embedded in the reviewed data as data only.
  - Capability inventory: Writing to persistent memory files and performing Git operations (commit/push).
  - Sanitization: No input sanitization or verification of extracted learnings is specified before committing them to the agent's identity and memory files.
Audit Metadata