
model-router

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to interact with different AI models.
  • Evidence: The 'CLI 协议' (CLI Protocol) section defines command templates: codex --yolo -m <model> -p "<prompt>", gemini -m gemini-3-pro -p "<prompt>", and claude --model <model> -p "<prompt>".
  • [COMMAND_EXECUTION]: The inclusion of the --yolo flag in the codex command protocol is a security risk.
  • Evidence: In SKILL.md, the codex protocol uses codex --yolo. Such flags are typically used in AI agents to suppress user confirmation dialogs and bypass execution safeguards.
  • [COMMAND_EXECUTION]: The skill performs dynamic assembly of shell commands based on user-provided or generated sub-task prompts.
  • Evidence: The skill specifies that "CLI commands are automatically generated by the routing table" and the agent is responsible for "decomposing tasks and selecting models." If the task descriptions (interpolated into the <prompt> parameter) are not properly sanitized, this facilitates command injection where a malicious sub-task could escape the intended command structure.
  • [COMMAND_EXECUTION]: The skill executes local JavaScript files using Node.js to perform routing and statistics.
  • Evidence: Multiple commands refer to node scripts/aios.mjs, including node scripts/aios.mjs model-router list, node scripts/aios.mjs model-router route, and node scripts/aios.mjs model-router stats.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 02:41 PM