The Agent Skills Directory

[PROMPT_INJECTION] (HIGH): The skill is designed to process untrusted conversation history and summarize it into authoritative context blocks, creating a critical Indirect Prompt Injection surface.
Ingestion points: The messages array in SKILL.md and references/priority-management.md where raw history is ingested.
Boundary markers: Absent. The summary format uses standard Markdown headers (e.g., ## Session Intent) which do not provide a security boundary between system instructions and untrusted data.
Capability inventory: The skill is intended for use in 'multi-step workflows' and 'persistent agents' which typically have high-privilege capabilities like file modification and command execution.
Sanitization: No sanitization, escaping, or filtering of the summarized content is described or implemented in the provided code logic.
[PROMPT_INJECTION] (MEDIUM): The 'Opaque Compression' strategy documented in references/compression-strategies.md involves encoding agent state into non-human-readable strings. This provides a mechanism for obfuscating instructions from safety filters until they are reconstructed and executed by the LLM.

context-compression