model-selection

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): Indirect Prompt Injection Surface. The skill uses the Read, Grep, and Glob tools to access external file data and AskUserQuestion to solicit user input. This creates a surface where malicious content in processed files or user responses could attempt to override the model selection logic.
      • Ingestion points: File access via the Read, Grep, and Glob tools, and user responses via AskUserQuestion (SKILL.md).
      • Boundary markers: Absent; the skill lacks delimiters to separate untrusted data from instructions.
      • Capability inventory: Limited to file reading and user interaction; no high-risk capabilities such as arbitrary command execution (subprocess), network exfiltration, or file writing are present.
      • Sanitization: No validation or filtering mechanisms are defined for the data ingested at runtime.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 04:37 AM