math-router
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The suggested command 'uv run python scripts/math_router.py route "<user's math request>"' is highly vulnerable to shell injection. Since the user input is interpolated into the shell string, an attacker can use characters like ';', '&', or '$()' to execute unauthorized system commands.
- [PROMPT_INJECTION] (HIGH): This skill exhibits a severe Indirect Prompt Injection surface. It ingests untrusted user input from the request and uses it to drive agent actions.
- Evidence Chain (Category 8):
- Ingestion points: The '<user's math request>' field in the 'uv run' command.
- Boundary markers: Absent; user input is directly concatenated.
- Capability inventory: The agent is explicitly commanded to 'execute the returned command' in step 4, which provides an execution vector for malicious strings.
- Sanitization: None provided.
- [COMMAND_EXECUTION] (HIGH): The instruction 'You execute the returned command' allows for dynamic code execution where the agent runs potentially malicious commands generated by the routing script without a human-in-the-loop or verification step.
Recommendations
- AI detected serious security threats
Audit Metadata