context-manager
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill accesses and manipulates session log files in ~/.clawdbot/ which contain full conversation histories. These files often store sensitive user data or secrets. While necessary for context management, this represents a significant data exposure risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes a local shell script (compress.sh) and the clawdbot CLI to manage sessions, which requires shell access and execution permissions.
- [PROMPT_INJECTION] (LOW): Susceptible to Indirect Prompt Injection (Category 8). 1. Ingestion points: reads untrusted conversation history from .jsonl files. 2. Boundary markers: absent; the agent is simply asked to summarize context without specific delimiters or instructions to ignore embedded commands. 3. Capability inventory: includes file deletion (rm), file writing (backups), and CLI execution (clawdbot). 4. Sanitization: none identified; summaries are injected directly back into the session as the starting context.
- [NO_CODE] (SAFE): The primary logic resides in an external script (compress.sh) that was not provided for analysis.
Audit Metadata