compression-strategy
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes historical context and archived session data to generate summaries, which creates an attack surface for indirect prompt injection.
- Ingestion points: Conversation history and archived session files in .claude/context-archive/.
- Boundary markers: No explicit delimiters or instructions are provided to the model to ignore embedded commands within the ingested data.
- Capability inventory: Spawns continuation agents via Skill(conserve:clear-context), delegates tasks via the Task tool, and writes archived state to the local file system.
- Sanitization: No sanitization or validation of the historical content is performed before processing.
- [SAFE]: The skill uses local directory paths (e.g., .claude/session-state.md, .claude/context-archive/) to preserve session information and historical context. This is a standard and safe practice for session persistence and does not involve unauthorized data access.
- [SAFE]: The skill leverages platform-specific commands and tools (e.g., /clear, /catchup, Skill(conserve:clear-context)) to manage the agent's working memory. These operations are performed within the scope of the agent's intended functionality.
Audit Metadata