Security audit

Deflate — Intelligent Context Compression

Security checks across malware telemetry and agentic risk

Overview

This skill is a context-compression helper, but it also encourages broad persistent storage of chat details, including secrets, without clear consent or redaction safeguards.

Install only if you want the agent to actively manage context and session memory. Before using it, add a rule that passwords, API keys, tokens, cookies, private URLs, and personal data must not be copied into summaries or MEMORY.md unless you explicitly approve a specific write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding:
The skill tells the agent to state that data was already saved to memory, but the file only contains instructional prose and no implemented memory-write mechanism. This can mislead users into believing persistence occurred, causing data loss, incorrect operational decisions, or unsafe reliance on supposed stored state.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding:
The workflow instructs a new session to read MEMORY.md and confirm data loaded, but the skill does not implement any loading behavior. This creates a false assurance that prior context is available, which can lead to mistakes, lost continuity, or unsafe actions based on nonexistent state.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The trigger list contains broad, common terms like 'new', 'session', 'cost', and 'flush', which can cause the skill to activate during unrelated conversations. In a skill that changes response format and encourages persistence of conversation state, accidental activation increases the chance of privacy-impacting or disruptive behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill instructs writing conversation contents to MEMORY.md, including decisions, project details, configurations, and lessons learned, without a clear user-facing privacy notice or consent flow. Because this creates persistent storage of potentially sensitive information, users may unknowingly authorize retention beyond the current session.

Ssd 3

Severity: High
Confidence: 98%
Finding:
The compression rules explicitly say API keys, config values, names, IDs, dates, amounts, and code snippets must survive compression exactly as-is. Preserving secrets and sensitive identifiers across summaries and sessions increases exposure surface, making leakage through later responses, logs, or memory files more likely.

Ssd 3

Severity: High
Confidence: 97%
Finding:
The memory flush protocol directs the agent to persist broad categories of accumulated conversation data to disk-like memory files, including contacts, IDs, project data, decisions, and operational details. In this context-compression skill, that behavior is more dangerous because it systematically normalizes long-term retention of sensitive material that may exceed user expectations.

Ssd 3

Severity: Medium
Confidence: 92%
Finding:
The pre-/new checklist tells the agent to save all critical data, IDs, configs, and pending items before starting a new session, reinforcing broad persistence as a default behavior. This can cause over-collection and retention of sensitive information even when a fresh session could proceed with a narrower, safer handoff.

VirusTotal

66/66 vendors flagged this skill as clean.