context-optimizer

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted conversation messages and incorporates derived snippets into chat logs through the ContextOptimizerLogger class. This creates an attack surface where maliciously crafted user messages could influence the agent's behavior when it reads its own optimization logs.
      • Ingestion points: processMessages and retrieveFromArchive calls in lib/index.js and examples.
      • Boundary markers: Not present in the logging formatter (chat-logger.js).
      • Capability inventory: Local file system writes to a context archive (archivePath) and logging status updates back to the chat interface.
      • Sanitization: No sanitization of user-derived message snippets before interpolation into log strings.
  • [External Downloads] (LOW): The skill depends on external npm packages and the @xenova/transformers library, which downloads pre-trained model weights (~80MB) from Hugging Face at runtime.
      • Source: Hugging Face and OpenAI (via tiktoken) are trusted organizations, which downgrades the severity of the download finding per [TRUST-SCOPE-RULE].
  • [Data Exposure] (SAFE): The skill manages a local context archive. No sensitive file access outside the specified archivePath or exfiltration to untrusted domains was detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 22, 2026, 05:45 AM