routing
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill's implementation aligns with its stated purpose of managing agent routing and tool policies. No evidence of prompt injection, data exfiltration, persistence mechanisms, or obfuscation was found in the analyzed source code.
- Indirect Prompt Injection (SAFE): This skill functions by ingesting user messages and routing them to specialized agents with various capabilities. While this represents a surface for indirect prompt injection, no active exploitation was detected, and the risk is inherent to the skill's primary function of message routing.
  1. Ingestion points: User messages are ingested via the routing.route method as described in SKILL.md and processed through pattern matching.
  2. Boundary markers: The provided code does not show explicit delimiters or instruction-ignore headers for the messages being routed.
  3. Capability inventory: The routing service manages access to potentially powerful tool categories including execute, portfolio, web-search, web-fetch, files, browser, and docker.
  4. Sanitization: The current implementation focuses on routing logic and does not include explicit sanitization or filtering of the message content itself.
Audit Metadata