compile
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts (`scripts/compile.sh`) that coordinate the compilation process. These scripts use system utilities such as `find`, `grep`, `md5sum`, and `python3` for logic and JSON processing. The script also supports the `claude` CLI binary when the `claude-cli` runtime configuration is used.
- [DATA_EXFILTRATION]: The core functionality of the skill involves reading local artifacts from the `.agents/` directory and transmitting their contents to external LLM services (including Anthropic and OpenAI) or a user-defined Ollama host. This data flow is documented and intended for the purpose of synthesizing knowledge across files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it aggregates raw, potentially untrusted knowledge artifacts (research, learnings) into a large prompt sent to an LLM. Malicious content within these artifacts could attempt to override the compiler's instructions.
  - Ingestion points: The script `scripts/compile.sh` reads markdown files from `.agents/learnings`, `.agents/patterns`, `.agents/research`, `.agents/retros`, `.agents/forge`, and `.agents/knowledge`.
  - Boundary markers: The compiler prompt uses `--- FILE: <file_path> ---` as a delimiter to separate different input artifacts.
  - Capability inventory: The skill performs network API requests and can write multiple files to the `.agents/compiled/` directory.
  - Sanitization: No explicit sanitization or filtering of the artifact content is performed before it is interpolated into the LLM prompt.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests via `curl` to well-known LLM provider APIs (`api.anthropic.com`, `api.openai.com`) and Ollama instances. These endpoints are standard for the technologies the skill uses.
Audit Metadata