caveman-compress
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python module using the command `python3 -m scripts <absolute_filepath>`. This allows the skill to perform arbitrary processing on files specified by the user.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data.
  - Ingestion points: The skill reads natural language files such as `CLAUDE.md`, todo lists, and preferences provided via an absolute file path.
  - Boundary markers: Absent. The instructions define how to compress text but do not include delimiters or warnings to ignore potentially malicious instructions embedded within the files being processed.
  - Capability inventory: The skill can execute shell commands (`python3`), overwrite existing files on the system, and create/modify files in the `llmwiki/` directory.
  - Sanitization: None. The file content is passed directly to the LLM for compression and validation without filtering or escaping.
Audit Metadata