task-router
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Metadata Poisoning] (MEDIUM): The SKILL.md file explicitly states that 'Routing uses Sonnet to analyze tasks,' but scripts/route.js implements this via basic regex heuristics. This discrepancy misleads users regarding the skill's intelligence and reliability.
- [Indirect Prompt Injection] (MEDIUM): The router processes untrusted 'task' and 'context' strings which directly influence the selection of the execution agent. Ingestion points: scripts/route.js (argv inputs). Boundary markers: Absent. Capability inventory: Controls agent assignment for downstream tool execution. Sanitization: None.
Audit Metadata