skills-router
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends downloading and installing agent skills from numerous unknown third-party GitHub repositories. This represents a supply chain risk where a malicious repository could deliver harmful instructions.
- Recommends installation from untrusted sources: github.com/oldwinter/skills, github.com/jezweb/claude-skills, github.com/wshobson/agents, github.com/sendaifun/skills, github.com/testdino-hq/playwright-skill, github.com/obra/superpowers, github.com/softaworks/agent-toolkit, github.com/sickn33/antigravity-awesome-skills, github.com/cloudai-x/threejs-skills, github.com/coreyhaines31/marketingskills, and github.com/boristane/agent-skills.
- Note: The skill also correctly references trusted sources such as Cloudflare, Vercel, Google, Stripe, and Microsoft.
- [COMMAND_EXECUTION]: The routing tables provide pre-computed shell commands (e.g., npx skills add https://github.com/...) intended for execution to install external dependencies and integrate them into the agent's environment.
- [PROMPT_INJECTION]: The skill instructs the agent to read local configuration files (e.g., .cursorrules, CLAUDE.md, GEMINI.md) and use them to override generic guidance, creating an indirect prompt injection surface.
- Ingestion points: Local files GEMINI.md, CLAUDE.md, AGENTS.md, .cursorrules, .github/copilot-instructions.md, and CONVENTIONS.md.
- Boundary markers: None present to distinguish system instructions from file content.
- Capability inventory: The skill has command execution capabilities (npx) and file system access (view_file).
- Sanitization: None present; the instructions explicitly direct the agent to 'Follow that skill's instructions'.
Audit Metadata