context-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through its core context compression functionality.
- Ingestion points: The skill ingests untrusted user and system context via the 'beforeRequest' hook in 'src/index.js' and the '/api/compress' endpoint in 'src/dashboard.js'.
- Boundary markers: The compression logic in 'src/compressor.js' lacks delimiters or instructions to the LLM to ignore embedded commands within the compressed text.
- Capability inventory: The skill has the capability to modify the final prompt sent to the LLM by replacing the 'context' or 'prompt' fields in 'requestData' with compressed strings.
- Sanitization: There is no evidence of sanitization, escaping, or filtering of malicious instructions within the text being compressed. An attacker could potentially embed instructions that survive the summarization or deduplication process to influence agent behavior downstream.
Audit Metadata