model-hierarchy

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a keyword-based classification system to route tasks to different model tiers. This design presents an indirect prompt injection surface: an attacker who controls the task data could embed signals such as 'security' or 'architect' to deliberately force the agent onto a premium, high-cost model.
  • Ingestion points: Task descriptions, context, or metadata used for complexity classification.
  • Boundary markers: No explicit delimiters or 'ignore instructions' warnings are provided to protect the classification logic from embedded content within the task data.
  • Capability inventory: The skill controls model selection and the spawning of sub-agents, both of which have direct financial implications (wallet exhaustion risk).
  • Sanitization: No sanitization, validation, or signal filtering is mentioned in the logic or examples to mitigate unintended model upgrades.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 06:41 AM