math-router
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The primary workflow of this skill has the agent execute shell commands that are dynamically generated by the math_router.py script. The documentation explicitly instructs the agent to 'execute the returned command', which creates a direct path from script output to shell execution with no manual verification step in between.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill executes dynamically constructed commands that are triggered by untrusted user input. If the math_router.py script or the agent's shell wrapper does not properly sanitize the <user's math request>, an attacker who controls that request can inject shell metacharacters and execute arbitrary code on the host system.
- PROMPT_INJECTION (LOW): The skill instructions include high-priority directives ('ALWAYS use this router first') intended to override the agent's default decision-making for tool selection. Such directives could be used to force the agent into the vulnerable execution path described above.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: User-provided math requests are passed directly as command-line arguments to the math_router.py script.
  - Boundary markers: The instructions suggest wrapping the request in double quotes ("<user's math request>") but give no guidance on escaping or sanitizing the contents. Double quotes alone do not neutralize shell command substitution ($(...) or backticks) or an embedded double quote, so they are not a sufficient boundary.
  - Capability inventory: The agent can run shell commands via uv run python and is directed to execute whatever the routing script returns.
  - Sanitization: No evidence of input validation or sanitization is present in the skill instructions.
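The following is an added example, not code from the audited skill or from its author. It reproduces the pattern the findings describe (a user's "math request" interpolated into a double-quoted shell string that is then executed) and places it beside two hardened alternatives: passing the request as an argv element with no shell, after allowlist validation, and evaluating the arithmetic in-process over an explicit AST allowlist so no subprocess is needed at all. Because the real math_router.py and its command format are not on the page, the router is replaced by a stand-in Python one-liner that prints its first argument; the `_MATH_ALLOWLIST` policy and the sample inputs are constructed for the demonstration.

```python
"""Added example: shell-injection path described in the audit, next to two
hardened alternatives.  The router is a stand-in (prints its first argument);
the real math_router.py is not on the page and is assumed."""
import ast
import operator
import re
import shlex
import subprocess
import sys

# Constructed inputs for the demonstration (not from the audited skill).
BENIGN = "2 + 3 * 4"
HOSTILE = "2 + $(echo INJECTED)"   # $(...) is expanded even inside double quotes

# Stand-in for "the command the router returns": a Python one-liner that
# prints whatever it received as its first argument.
_ROUTER = "import sys; print(sys.argv[1])"


def run_unsafe(user_request: str) -> str:
    """Risky pattern: the request is interpolated into a double-quoted shell
    string and a shell runs it (shell=True).  The quotes do not help: $(...),
    backticks and an embedded double quote are still interpreted by the shell."""
    cmd = f'{shlex.quote(sys.executable)} -c "{_ROUTER}" "{user_request}"'
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.strip()


# Hypothetical policy: characters a math request is allowed to contain.
_MATH_ALLOWLIST = re.compile(r"[0-9A-Za-z_ .,+\-*/%^()]*")


def validate_math_request(user_request: str) -> str:
    """Reject anything outside the allowlist before it is passed on; the
    length cap guards against pathological inputs."""
    if len(user_request) > 256 or not _MATH_ALLOWLIST.fullmatch(user_request):
        raise ValueError(f"rejected math request: {user_request!r}")
    return user_request


def run_safe(user_request: str) -> str:
    """Hardened: validate, then pass an argv list with shell=False so no shell
    ever parses the request; it arrives in sys.argv exactly as typed."""
    argv = [sys.executable, "-c", _ROUTER, validate_math_request(user_request)]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.strip()


# Alternative that needs no subprocess: evaluate arithmetic in-process over an
# explicit AST node allowlist (no eval(), no names, no calls, no attributes).
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
            ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def safe_eval(expr: str) -> float:
    """Evaluate a numeric expression; any node type not listed above is an error."""
    def walk(node: ast.AST) -> float:
        if (isinstance(node, ast.Constant) and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
            return _BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](walk(node.operand))
        raise ValueError(f"disallowed syntax: {type(node).__name__}")
    return walk(ast.parse(expr, mode="eval").body)


if __name__ == "__main__":
    print("unsafe:", run_unsafe(HOSTILE))        # the shell ran $(echo INJECTED)
    try:
        run_safe(HOSTILE)
    except ValueError as e:
        print("safe:  ", e)                       # rejected before anything runs
    print("argv:  ", run_safe(BENIGN), "=", safe_eval(BENIGN))
```

The unsafe path prints `2 + INJECTED`, showing that the shell executed the substituted command even though the request was "protected" by double quotes; the hardened argv path rejects the same input, and a benign request reaches the stand-in router byte-for-byte. The in-process evaluator is the stronger fix where the router's job really is arithmetic, since it removes the shell from the picture entirely.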
Audit Metadata