rtk-compress
Fail
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill acts as a proxy for executing a wide range of shell commands, including system-level operations for version control (Git), container management (Docker, Kubernetes), and various build/test runners.
- [CREDENTIALS_UNSAFE]: Includes explicit instructions for the agent to access and filter environment variables using
rtk env -f AWS, which is a common location for sensitive cloud credentials. - [DATA_EXFILTRATION]: The skill provides mechanisms to read local files (
rtk read) and directory structures, facilitating the movement of potentially sensitive local code and data into the AI's context. - [PROMPT_INJECTION]: The skill processes untrusted data from several sources without defining safety boundaries, creating an attack surface for indirect prompt injection.
- Ingestion points: Data enters the context via file reads (
rtk read), network requests (rtk curl), and external tool outputs like git logs and container logs. - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided instructions.
- Capability inventory: The skill allows execution of arbitrary shell commands through the
rtkwrapper across infrastructure and development toolsets. - Sanitization: No evidence of output sanitization or validation of the ingested content is provided.
Recommendations
- AI detected serious security threats
Audit Metadata