caveman-compress
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/compress.py invokes the claude CLI via subprocess.run as a fallback when no API key is present. The command uses a static argument list and passes the file content on standard input rather than through a shell, so nothing in the file content can be parsed as shell syntax. This is the correct pattern for avoiding shell injection.
- [DATA_EXFILTRATION]: The skill reads the content of local files and transmits it to Anthropic's official API or to the local Claude CLI. This data flow is documented and essential to the tool's functionality, and the only recipient is the well-known service provider that performs the processing.
- [PROMPT_INJECTION]: The tool interpolates external file content into an LLM prompt, creating a surface for indirect prompt injection: instructions embedded in a file being compressed can influence the model's output. This risk is inherent to the compression task. Its impact is limited by the script's focus on structural preservation and by the automatic creation of a .original.md backup file, from which the source file can be restored if the output is corrupted.
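The following is an added illustration of the static-argument-list pattern described in the COMMAND_EXECUTION finding; it is example code written for this page, not the skill's compress.py. The real claude invocation is replaced by a hypothetical stand-in filter run through sys.executable so the example runs offline, and the hostile Markdown sample is constructed. For contrast it also shows the shell-string interpolation the audited script avoids, using only echo so the injected command is harmless.

```python
"""Static-argv subprocess pattern versus shell-string interpolation.

Added example for this audit page, not code from the caveman-compress
skill. The real `claude` CLI is stood in for by a hypothetical echo
filter run through sys.executable so the script runs offline.
"""
import subprocess
import sys

# Constructed sample: Markdown that contains shell metacharacters.
# Spliced into a shell string it would be parsed as commands; passed
# over stdin with a fixed argv it is only ever data.
HOSTILE_CONTENT = "# Notes\n$(id)\n'; echo INJECTED; echo '\n`whoami`\n"

# Hypothetical stand-in for the CLI: reads stdin and writes it back out.
ECHO_FILTER_ARGV = [
    sys.executable,
    "-c",
    "import sys; sys.stdout.write(sys.stdin.read())",
]


def run_static_argv(argv, payload):
    """Secure pattern: fixed argument list, untrusted data on stdin.

    shell=False (the default) means no shell parses anything, and the
    payload never becomes part of argv, so metacharacters are inert.
    check=True surfaces a non-zero exit instead of returning partial output.
    """
    proc = subprocess.run(
        argv,
        input=payload,
        capture_output=True,
        text=True,
        check=True,
        timeout=30,
    )
    return proc.stdout


def run_shell_interpolated(payload):
    """Insecure pattern, for contrast: payload spliced into a shell string.

    A single quote in the payload closes the literal and the remainder is
    executed as shell commands. The command is only `echo`, so the
    demonstration is harmless, but the same splice would run anything.
    """
    proc = subprocess.run(
        f"echo '{payload}'",
        shell=True,
        capture_output=True,
        text=True,
    )
    return proc.stdout


def compress_via_cli(argv, content):
    """Mirrors the audited fallback: static argv, file content on stdin."""
    return run_static_argv(argv, content)


if __name__ == "__main__":
    safe = compress_via_cli(ECHO_FILTER_ARGV, HOSTILE_CONTENT)
    print("static argv round-trip intact:", safe == HOSTILE_CONTENT)
    unsafe = run_shell_interpolated(HOSTILE_CONTENT)
    print("shell string executed injected command:",
          "INJECTED" in unsafe.splitlines())
```

With the static argument list the hostile sample comes back byte-for-byte unchanged, including the literal text `'; echo INJECTED; echo '`; with the interpolated shell string the same text terminates the quoted literal and `INJECTED` appears as its own output line, proving the embedded command ran.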
Audit Metadata