compress
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted file content by interpolating it directly into a prompt for the Claude LLM in scripts/compress.py. This creates a surface for indirect prompt injection where malicious instructions inside a file could influence the agent's output.
  - Ingestion points: scripts/compress.py reads content from a user-specified <filepath>.
  - Boundary markers: The prompt uses a "TEXT:" label but lacks robust delimiters or "ignore instructions" warnings for the interpolated content.
  - Capability inventory: The skill can read and write local files and perform network requests to the Anthropic API.
  - Sanitization: Includes extension-based filtering and sensitive path heuristics to prevent processing of non-text or high-risk files.
- [COMMAND_EXECUTION]: In scripts/compress.py, the skill may execute the claude CLI using subprocess.run as a fallback if the Python library is not installed. It uses a fixed argument list, which is a safe implementation pattern.
- [EXTERNAL_DOWNLOADS]: The skill sends text content to the Anthropic API, a well-known service, for the purpose of compression. This behavior is documented and central to the skill's functionality.
- [DATA_EXFILTRATION]: The skill incorporates a comprehensive heuristic-based safety check (is_sensitive_path in scripts/compress.py) to prevent the accidental reading and transmission of files containing credentials, keys, or secrets (e.g., .env, .ssh/, credentials).
Audit Metadata