context-compression
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A comprehensive audit of the skill instructions and Python scripts revealed no evidence of credential theft, obfuscation, or unauthorized network operations.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted conversation history for summarization and evaluation, presenting an indirect prompt injection surface.
- Ingestion points: Raw data enters the agent context through the
conversation_historyparameter withinscripts/compression_evaluator.py. - Boundary markers: The summarization logic organizes content into structured markdown headers (e.g., ## Session Intent, ## Files Modified), though it does not implement formal data delimiters.
- Capability inventory: The skill's capabilities are restricted to text generation and internal logic; it lacks access to the network, file system modifications, or shell command execution.
- Sanitization: Extraction is performed using specific regular expression patterns and JSON serialization, which effectively decouples user-provided history from the agent's operational instructions.
Audit Metadata