skill-router
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill description contains mandatory directives ('ALWAYS use this skill FIRST') designed to hijack the agent's decision-making process and force the routing logic for a wide range of common user queries.
- [PROMPT_INJECTION]: The skill processes untrusted user input for intent classification and skill matching without explicit delimiters or instructions to ignore embedded commands, creating a surface for indirect prompt injection.
  - Ingestion points: User requests processed during 'Intent Analysis' in SKILL.md.
  - Boundary markers: Absent; no delimiters or 'ignore' instructions are defined for isolating user input from instructions.
  - Capability inventory: Includes file reading (Read), searching (Grep), and web searching (WebSearch).
  - Sanitization: No evidence of input validation or sanitization before processing user requests.
Audit Metadata