search-router
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute shell commands using templates like 'uv run python scripts/tldr_search.py "query"'. Evidence: Found in the Decision Tree and Examples sections. Risk: User-controlled input placed inside double quotes in a shell environment is susceptible to command injection if the input contains shell metacharacters (e.g., backticks or $(...)) that the agent fails to escape.
- [PROMPT_INJECTION] (MEDIUM): The skill serves as a router for tools that ingest and summarize external codebase content. Evidence: Ingestion points include code files, identifiers, and query strings across multiple search tools (TLDR, AST-grep, Grep). Risk: This establishes a surface for indirect prompt injection where malicious instructions embedded in code comments or identifiers could be processed by the search tools and influence the agent's downstream reasoning or tool selection without proper sanitization or boundary markers.
Audit Metadata