token-saver
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill modifies 'AGENTS.md' to inject 'Persistent Mode' instructions that override agent behavior. More significantly, the hardcoded replacements for 'MEMORY.md' and 'USER.md' function as a massive context-level prompt injection, replacing the user's personal history and profile with attacker-defined instructions and data.
- [DATA_EXFILTRATION] (HIGH): The script 'scripts/compressor.js' targets and reads highly sensitive workspace files (~/.md files including context and memory). According to the security rules, access to these sensitive paths without justification is high severity. In this case, the skill goes further by destroying the original data and overwriting it with static strings in the 'compressMemoryFile' and 'compressUserFile' functions.
- [COMMAND_EXECUTION] (HIGH): The skill performs unauthorized and destructive filesystem operations. It uses 'fs.writeFileSync' to overwrite critical agent memory files with hardcoded content, effectively 'brainwashing' the agent into a different identity without the user's informed consent. This is a high-risk manipulation of the agent's operating environment.
Recommendations
- AI detected serious security threats
Audit Metadata