caveman-compress

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestrator script falls back to running the external claude CLI through subprocess.run when no API key environment variable is set.
  • Evidence: Found in scripts/compress.py. The argument vector is the fixed list ["claude", "--print"] and the file contents are passed on standard input, so no user-controlled text reaches a shell or the command line; this closes the command-injection path. The binary is resolved by bare name, so the fallback trusts whichever claude the caller's PATH provides.
  • [DATA_EXFILTRATION]: The skill sends the contents of user-specified files to the Anthropic API. This is the intended function, but it is a data-boundary crossing and should be reviewed as one.
  • Evidence: scripts/compress.py implements an is_sensitive_path heuristic that refuses to process files whose names mark them as secrets, such as environment files (.env), SSH private keys (id_rsa) and credential files, so those files are never sent to the external API. Because the check is name-based, a secret embedded in an otherwise ordinary file is not caught; the filter narrows the exposure rather than eliminating it.
  • [EXTERNAL_DOWNLOADS]: The skill depends on third-party Python packages: anthropic for API communication and tiktoken for token counting.
  • Evidence: The scripts reference the anthropic and tiktoken packages.
  • [PROMPT_INJECTION]: The skill processes untrusted natural language files and interpolates their content into prompts for the LLM, creating an indirect prompt injection surface.
  • Ingestion points: File contents are read using read_text() in scripts/compress.py.
  • Boundary markers: The prompt template in build_compress_prompt includes a "STRICT RULES" block that constrains the model's behaviour. Such in-prompt rules are advisory only; text inside the processed file can attempt to override them, so they reduce rather than prevent injection.
  • Capability inventory: The skill can overwrite local files and make network requests to the Anthropic API, so a successful injection could shape what is written back to disk or what is sent to the API.
  • Sanitization: The tool post-processes model output with strip_llm_wrapper, and a dedicated validation suite (scripts/validate.py) checks that technical elements such as code blocks and URLs appear in the output exactly as in the original, which also limits what an injected instruction can alter without detection.
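The two pre-flight guards described under COMMAND_EXECUTION and DATA_EXFILTRATION, as an added illustration written for this page rather than the skill's own scripts/compress.py: a name-based sensitive-path filter and a fixed-argv CLI fallback fed over stdin. The deny list, function names and the stand-in child process are assumptions; the real skill runs ["claude", "--print"], which is replaced here by a Python process that echoes its stdin so the example runs offline.

```python
"""Added illustration for this audit page, not the skill's own code: a name-based
sensitive-path filter plus a fixed-argv CLI fallback fed via stdin. The stand-in
child process echoes stdin so the example runs without the claude binary."""
import subprocess
import sys
from pathlib import PurePosixPath

# Deny list assumed for this example; the skill's actual list is not on the page.
SENSITIVE_NAMES = {".env", ".netrc", ".npmrc", ".pypirc", "credentials",
                   "credentials.json", "id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"}
SENSITIVE_PREFIXES = (".env.",)                       # .env.local, .env.production, ...
SENSITIVE_SUFFIXES = (".pem", ".key", ".p12", ".pfx", ".kdbx")
SENSITIVE_DIRS = {".ssh", ".aws", ".gnupg", ".kube"}


def is_sensitive_path(path) -> bool:
    """True if the path looks like a secret by file name or parent directory.

    Heuristic only: a token pasted into notes.md is not caught, and .env.example
    is blocked although it holds no secret (the conservative side to err on)."""
    p = PurePosixPath(str(path).replace("\\", "/"))   # normalise Windows separators
    name = p.name.lower()
    if name in SENSITIVE_NAMES or name.startswith(SENSITIVE_PREFIXES) \
            or name.endswith(SENSITIVE_SUFFIXES):
        return True
    return any(part.lower() in SENSITIVE_DIRS for part in p.parts[:-1])


def unsafe_shell_command(text: str) -> str:
    """The anti-pattern, built for contrast and never executed here: data spliced
    into a shell string, where ';', '$(...)' and backticks are interpreted by sh."""
    return f"claude --print {text}"


def fallback_argv() -> list:
    """Fixed argument vector: nothing user-controlled ever becomes part of argv.
    Stand-in for ["claude", "--print"]: a Python process that echoes its stdin."""
    return [sys.executable, "-c", "import sys; sys.stdout.write(sys.stdin.read())"]


def run_fallback(text: str) -> str:
    """Hand the file contents to the CLI on stdin. No shell is involved, so shell
    metacharacters in `text` are inert bytes to the child process."""
    proc = subprocess.run(fallback_argv(), input=text, capture_output=True,
                          text=True, check=True)
    return proc.stdout


def compress_via_cli(path: str, text: str) -> tuple:
    """Orchestration step: refuse sensitive paths before any data leaves the host.
    Returns ("blocked", path) or ("ok", model_output)."""
    if is_sensitive_path(path):
        return ("blocked", path)
    return ("ok", run_fallback(text))


# Constructed sample input carrying shell metacharacters.
HOSTILE_TEXT = "Summarise this; echo INJECTED > /tmp/pwned $(id)"
```

With the fixed argv, HOSTILE_TEXT comes back from the child unchanged, while the same string spliced into unsafe_shell_command would run `echo INJECTED` and `id` if handed to a shell. Swapping fallback_argv for ["claude", "--print"] keeps the same property.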
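The post-processing the Sanitization bullet describes, as an added illustration written for this page and not the skill's strip_llm_wrapper or scripts/validate.py: unwrap a model reply, then check that every fenced code block and URL from the original survives verbatim. The regexes, the findings format and the sample texts are assumptions constructed for the example.

```python
"""Added illustration for this audit page, not the skill's own code: unwrapping
an LLM reply and verifying that code blocks and URLs survive compression exactly."""
import re
from collections import Counter

FENCE = "`" * 3   # built at runtime so this example itself stays one fenced block
FENCE_RE = re.compile(FENCE + r"[^\n]*\n.*?\n" + FENCE, re.DOTALL)
URL_RE = re.compile(r'https?://[^\s<>()\[\]"]+')


def strip_llm_wrapper(reply: str) -> str:
    """Remove the chatter models add around the payload: a "Here is ...:" preamble
    and a single fence wrapping the whole answer. Inner fences are left intact.
    Caveat: an original that is itself one fence would be unwrapped too, so a
    caller should skip this step when the source text starts with a fence."""
    s = re.sub(r"^(?:here is|here's)[^\n]*:\s*\n", "", reply.strip(), flags=re.IGNORECASE)
    m = re.fullmatch(FENCE + r"[A-Za-z]*\n(.*?)\n" + FENCE, s, re.DOTALL)
    return (m.group(1) if m else s).strip()


def technical_elements(text: str) -> Counter:
    """Multiset of fenced code blocks and URLs. A Counter, so a duplicate the model
    drops also counts as a loss. Trailing sentence punctuation is not part of a URL."""
    urls = [u.rstrip(".,;:") for u in URL_RE.findall(text)]
    return Counter(FENCE_RE.findall(text)) + Counter(urls)


def validate_preserved(original: str, compressed: str) -> list:
    """Findings list, empty when the compressed text passes. An element that was
    altered shows up twice: once as missing, once as an unexpected addition."""
    before, after = technical_elements(original), technical_elements(compressed)
    findings = [f"missing or altered ({n}x): {item[:60]!r}"
                for item, n in (before - after).items()]
    findings += [f"unexpected addition ({n}x): {item[:60]!r}"
                 for item, n in (after - before).items()]
    return findings


# Constructed samples: an original, a wrapped but faithful reply, and a lossy reply.
ORIGINAL = f"""Run the installer, then verify the checksum it prints.

{FENCE}bash
curl -fsSL https://example.invalid/install.sh | sh
{FENCE}

Details at https://example.invalid/docs/install and https://example.invalid/docs/faq.
"""

WRAPPED_GOOD = f"""Here is the compressed text:
{FENCE}text
Run installer, verify printed checksum.

{FENCE}bash
curl -fsSL https://example.invalid/install.sh | sh
{FENCE}

Docs: https://example.invalid/docs/install https://example.invalid/docs/faq
{FENCE}"""

LOSSY = f"""Run installer, verify.

{FENCE}bash
curl -sSL https://example.invalid/install.sh | sh
{FENCE}

Docs: https://example.invalid/docs/install
"""
```

Unwrapping must run before validation: applied to the raw WRAPPED_GOOD reply, FENCE_RE would pair the outer ```text opener with the inner ```bash opener and report spurious differences. On LOSSY the validator reports three findings: the dropped faq URL, the original curl block as missing, and the altered curl block (the -f flag removed) as an unexpected addition.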
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 10:52 AM