skill-router
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an automated orchestrator that uses the
skilltool to load additional instructions based on untrusted user input without manual confirmation, creating a surface for indirect prompt injection.\n - Ingestion points: The skill reads the entire user request to determine which skills to load via its internal routing logic.\n
- Boundary markers: There are no delimiters or 'ignore' instructions provided to separate the user's task data from the routing logic in the prompt.\n
- Capability inventory: The skill is capable of dynamically loading and executing any combination of skills from a broad catalog (including security and developer tools) using the
skilltool.\n - Sanitization: No validation, filtering, or sanitization is performed on the user input before it influences the choice of loaded skills.\n- [NO_CODE]: The skill consists entirely of markdown instructions and does not include any accompanying executable scripts or binaries.
Audit Metadata