chat-compactor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill identifies a potential indirect prompt injection surface. Ingestion points: The skill scans the entire conversation history (SKILL.md). Boundary markers: The output template does not specify the use of delimiters or 'ignore embedded instructions' warnings for the summarized content. Capability inventory: The skill specifies file-write operations to the project root or /home/claude/sessions/ (SKILL.md). Sanitization: There are no instructions for sanitizing or escaping the content retrieved from the conversation history before it is saved to a file.
Audit Metadata