caveman-compress

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestrator script 'scripts/compress.py' utilizes 'subprocess.run' to execute the 'claude' CLI tool. This implementation is secure as it uses a fixed list of arguments and passes user-controlled content via standard input, avoiding shell interpolation risks.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it reads and transforms untrusted markdown files. 1. Ingestion points: 'scripts/compress.py' reads file content into a prompt. 2. Boundary markers: Content is provided under a 'TEXT:' label but lacks strong isolation delimiters. 3. Capability inventory: The skill is capable of overwriting local files and executing the 'claude' CLI. 4. Sanitization: No sanitization is performed on input text, but structural validation in 'scripts/validate.py' mitigates the risk of destructive model outputs.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 12:06 AM
Security Audit — agent-trust-hub — caveman-compress