session-compression

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface across multiple classes and functions (e.g., ProgressiveCompressor, abstractive_compress, HierarchicalMemory). These implementations ingest untrusted conversation history and interpolate it directly into LLM prompts for summarization using f-strings (e.g., 'Summarize this conversation:\n\n{conversation_text}').
    - Ingestion points: The 'messages' and 'conversation_text' variables in SKILL.md.
    - Boundary markers: Absent. No delimiters or instructions are used to separate untrusted data from task instructions.
    - Capability inventory: Includes file system writes (PersistentMemory.save_checkpoint) and network operations (Anthropic and OpenAI API calls).
    - Sanitization: None. The content is processed verbatim, allowing potential embedded instructions to influence the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 06:02 AM