
model-router

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE

Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to manage and store sensitive API keys for multiple providers (Anthropic, OpenAI, Gemini, Moonshot, Z.ai, GLM) in ~/.model-router/.api-keys. While it advocates for using restricted file permissions (chmod 600), the presence of these credentials on the filesystem remains a high-value target.
  • [COMMAND_EXECUTION]: Utilizes local script execution for configuration and classification, and relies on the sessions_spawn tool for model delegation.
  • [EXTERNAL_DOWNLOADS]: Mentions installing dependencies via pip3 and references official documentation from well-known AI services including Anthropic, OpenAI, and Google Gemini. These references are documented neutrally as they target trusted services.
  • [PROMPT_INJECTION]: The classifier utility is susceptible to indirect prompt injection.
      • Ingestion points: User-provided task descriptions processed by scripts/classify_task.py.
      • Boundary markers: No delimiters or explicit instructions are used to prevent the agent from obeying instructions embedded within the task description.
      • Capability inventory: Execution of local Python scripts and spawning of new model sessions with varying capabilities.
      • Sanitization: The documentation does not indicate any sanitization or validation of the input task string before classification.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 02:45 PM