Trust Assessment
context-compressor received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Git command execution in untrusted directory, Collection of sensitive local repository data into summary file.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Git command execution in untrusted directory The `generate_summary` function executes `git status` and `git log` commands in the current working directory. If the skill is invoked within a Git repository controlled by a malicious actor, these commands could trigger pre-configured Git hooks (e.g., `pre-commit`, `post-checkout`, `post-merge`), leading to arbitrary command injection and execution on the host system. 1. Sandbox Execution: Execute `git` commands in a sandboxed environment that prevents hook execution. 2. Disable Hooks: Use `git --no-pager --no-optional-locks -c core.hooksPath=/dev/null status` to explicitly disable hooks for these commands. 3. User Confirmation: Prompt the user for confirmation before executing `git` commands in a new or untrusted repository. 4. Restrict CWD: Limit the skill's ability to change or operate in arbitrary directories. | LLM | scripts/compress.sh:176 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/maddiedreese/context-compressor/SKILL.md:1 | |
| MEDIUM | Collection of sensitive local repository data into summary file The `generate_summary` function collects potentially sensitive information, including the current working directory path, the output of `git status` (showing modified/untracked files), and `git log` (recent commit messages), and writes it into a local summary file (`memory/compressed-{session-id}.md`). While the script itself does not exfiltrate this file, the consolidation of this local system and repository metadata into a single file increases the risk of data exfiltration if the agent or another skill later accesses and transmits this summary file. 1. Redact Sensitive Info: Review and redact any highly sensitive information from `git status` or `git log` output before writing to the summary. 2. Granular Control: Provide options for users to disable the inclusion of `git` information or specific file paths in the summary. 3. Access Control: Ensure strict access controls on the `memory/compressed` directory and its contents to prevent unauthorized reading by other processes or skills. 4. Just-in-Time Access: Instead of writing to a file, provide this information to the LLM only when explicitly requested and with user consent. | LLM | scripts/compress.sh:174 |
Scan History
Embed Code
[](https://skillshield.io/report/cb0a9f03415be432)
Powered by SkillShield