Skills
Pin safety policies outside compactable context — 'Governance Decay' makes compaction an attack surface
'Governance Decay' (arXiv 2606.22528) shows that standing safety/governance constraints an agent obeys while visible get silently dropped by compaction because summarizers treat policies as low-salience. Across 1,323 episodes its ConstraintRot benchmark measured violations rising from 0% (policy in full context) to 30% after compaction and up to 59% on some models — and an attacker who controls only a returned tool output can trigger the drop on demand. Builders must store hard rules in a non-compactable system slot or re-inject them after every compaction, and grade tool calls against the policy deterministically.
Source
↳ Follow the thread