acp-router
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `exec` tool to run shell commands for session management and tool execution. It also executes dynamic Node.js code via `node -e` to check package versions in SKILL.md.
- [EXTERNAL_DOWNLOADS]: Fetches the `acpx` package and various coding adapters (e.g., `pi-acp`, `opencode-ai`) from the official NPM registry as described in SKILL.md.
- [REMOTE_CODE_EXECUTION]: Uses `npx` to download and run code for coding harness adapters directly from the NPM registry (SKILL.md).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by relaying untrusted user input to external coding harnesses.
  - Ingestion points: User requests for coding harness tasks in SKILL.md
  - Boundary markers: Absent from templates for passing prompts to `acpx` in SKILL.md
  - Capability inventory: Shell command execution via `exec` and package installation via `npm` in SKILL.md
  - Sanitization: No sanitization or validation of user input is specified in SKILL.md
Audit Metadata