tldr-router
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides templates for running tldr commands for code exploration tasks like tree views and data flow analysis. These are standard developer operations and do not involve high-risk system commands or external networking.
- [PROMPT_INJECTION] (LOW): The skill defines a system where user-provided intents are mapped to shell command parameters such as file paths and function names. This creates a surface for indirect prompt injection (Category 8). * Ingestion points: User messages containing intent and parameters are ingested into the skill's routing logic. * Boundary markers: No explicit delimiters or boundary markers are suggested for the interpolated parameters in the bash templates. * Capability inventory: The skill intends for the agent to execute subprocess commands via the tldr binary across various files. * Sanitization: The skill does not provide any instructions or patterns for sanitizing or validating user-provided arguments before they are executed in a shell context.
Audit Metadata