Skip to content
ATR-2026-00125highSkill Compromiseexperimental

Context Poisoning via Compaction Survival

Detects instructions in SKILL.md files designed to survive context window compaction (summarization). When AI agents compress their context, poisoned instructions embed themselves as "important" directives that persist across compaction boundaries. Discovered via Claude Code leak analysis (2026-03): attackers used CLAUDE.md/SKILL.md to inject instructions that survived context compression by using urgency markers, persistence directives, and system-level impersonation.

Severity
high
Category
Skill Compromise
Scan Target
skill
Author
ATR Community

Response Actions

alertblock input

References

OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection
View full YAML on GitHub →

More Skill Compromise Rules

ATR-2026-00060highMCP Skill Impersonation and Supply Chain AttackATR-2026-00120criticalSKILL.md Prompt InjectionATR-2026-00121criticalMalicious Code in Skill PackageATR-2026-00122highWeaponized Skill — Agent as Attack ToolATR-2026-00123highOver-Privileged Skill — Excessive Permissions