Back to skill

Security audit

Agent-Skills-for-Context-Engineering

Security checks across malware telemetry and agentic risk

Overview

This is a coherent context-compression skill whose main risk is preserving sensitive conversation details in summaries, not hidden or malicious behavior.

Reasonable to install for context-compression workflows. Treat generated summaries and evaluation inputs as potentially sensitive because they can preserve user goals, file paths, errors, decisions, and excerpts from prior conversation. If adapting the LLM-judge example, redact sensitive content and get explicit user control before sending compressed context to any external provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description mixes specific phrases like "compress context" with broader conditions such as "reduce token usage" and especially "mentions context compression" or "long-running agent sessions exceeding context limits." These conditions are not tightly scoped to explicit invocation phrases and could overlap with general discussion of tokens or session length, making activation boundaries unclear.

Vague Triggers

Low
Confidence
84% confidence
Finding
The "When to Activate" section lists several scenarios such as "Designing conversation summarization strategies" and "Building evaluation frameworks for compression quality," but it does not clarify when the skill should not activate. Without exclusions or a narrower scope, these broad topical descriptions may trigger the skill during general discussion rather than intentional use.

Context Window Stuffing

Medium
Category
Memory Poisoning
Content
# Context Compression Strategies

When agent sessions generate millions of tokens of conversation history, compression becomes mandatory. The naive approach is aggressive compression to minimize tokens per request. The correct optimization target is tokens per task: total tokens consumed to complete a task, including re-fetching costs when compression loses critical information.

## When to Activate
Confidence
80% confidence
Finding
generate millions of tokens

Context Window Stuffing

Medium
Category
Memory Poisoning
Content
## When to Activate

Activate this skill when:
- Agent sessions exceed context window limits
- Codebases exceed context windows (5M+ token systems)
- Designing conversation summarization strategies
- Debugging cases where agents "forget" what files they modified
Confidence
80% confidence
Finding
exceed context window

Context Window Stuffing

Medium
Category
Memory Poisoning
Content
Activate this skill when:
- Agent sessions exceed context window limits
- Codebases exceed context windows (5M+ token systems)
- Designing conversation summarization strategies
- Debugging cases where agents "forget" what files they modified
- Building evaluation frameworks for compression quality
Confidence
80% confidence
Finding
exceed context window

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.