competition-runtime-routing
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. * Ingestion points: The skill instructs the agent to process untrusted external data from HTTP headers (Host, X-Forwarded-Host, X-Forwarded-Proto, X-Forwarded-Port, Origin), path prefixes, cookies, and live request traces (SKILL.md, references/runtime-routing.md). * Boundary markers: Absent. The skill provides no instructions to use delimiters or to treat the analyzed network data as potentially malicious content. * Capability inventory: No dangerous tool capabilities such as file-write, network operations, or subprocess calls are present in the provided files. * Sanitization: Absent. The skill does not mention escaping, validating, or filtering external inputs before they are interpolated into the prompt or processed by the agent.
- [NO_CODE]: The skill consists entirely of instructional Markdown and YAML configuration files. No executable scripts, binaries, or command lines are present in the provided files.
Audit Metadata