router-first-architecture
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [No Code] (SAFE): The skill package consists of a single markdown file containing documentation and patterns. There are no executable scripts, binary files, or active configuration files included.
- [Indirect Prompt Injection] (LOW): The documented architecture describes a method for passing user-provided intent strings directly into a tool command.
  - Ingestion points: The user intent is interpolated into the command math-router route "<intent>" as seen in SKILL.md.
  - Boundary markers: The design uses simple double quotes but lacks robust boundary delimiters or instructions for the agent to ignore embedded commands within the intent string.
  - Capability inventory: The design intention is to have the router map intent to 'exact CLI commands' and 'scripts' for execution.
  - Sanitization: The documentation does not specify any sanitization or validation requirements for the intent data prior to command generation.