ATR-2026-00125 | high | Skill Compromise | experimental
Context Poisoning via Compaction Survival
Detects instructions in SKILL.md files that are designed to survive context-window compaction (summarization). When an AI agent compresses its context, poisoned instructions present themselves as "important" directives so that they persist across compaction boundaries. Discovered via Claude Code leak analysis (2026-03): attackers used CLAUDE.md/SKILL.md to inject instructions that survived context compression by using urgency markers, persistence directives, and system-level impersonation.
Severity
high
Category
Skill Compromise
Scan target
skill
Author
ATR Community
Recommended response
alert, block input
References
OWASP Agentic
ASI01:2026 - Agent Goal Hijack
OWASP LLM
LLM01:2025 - Prompt Injection