fix-decision-router
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external documentation files and user input to drive its decision logic and file operations.
- Ingestion points: The skill reads documentation files (path provided via
doc_path) and accepts direct user input for skill names, categories, and custom actions. - Boundary markers: None. There are no delimiters or instructions provided to the agent to disregard instructions embedded within the processed documentation or user inputs.
- Capability inventory: The skill has access to
Write,Edit, andBashtools, allowing it to modify the file system and execute shell commands. - Sanitization: None. The skill does not specify any validation, escaping, or filtering of the ingested content before it is written to new files or used in command contexts.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool and includes an "Other" option (Option 8) that prompts for and executes custom actions. This capability, combined with the lack of input sanitization, creates a risk where malicious instructions in the processed documentation could influence the execution of shell commands.
Audit Metadata