effect-uai-auto-compaction

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the auto-compaction process. It takes existing conversation history (which can include untrusted user input) and passes it directly to an LLM with a summarization instruction. This could allow malicious content within the history to influence the agent's behavior during the summarization task.
    • Ingestion points: Untrusted data enters the context via the state.history array in SKILL.md.
    • Boundary markers: There are no boundary markers or 'ignore embedded instructions' warnings surrounding the history content when it is sent for summarization in the streamTurn call.
    • Capability inventory: The skill performs network operations via oai.streamTurn to communicate with an LLM provider as seen in SKILL.md.
    • Sanitization: The skill lacks sanitization, escaping, or validation of the history content before it is interpolated into the summarization prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 03:13 PM