skills/romiluz13/cc10x/cc10x-router/Gen Agent Trust Hub

cc10x-router

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Behavioral Override and Injection Surface: The skill contains instructions that explicitly prohibit the use of the platform's native planning tools, mandating that the agent follow the skill's own orchestration logic. Additionally, it presents an indirect prompt injection surface (Category 8) where untrusted user input is interpolated into prompts for sub-agents.
    • Ingestion points: User-provided requests for build, debug, or plan tasks (SKILL.md).
    • Boundary markers: Markdown headers such as '## User Request' and '## Requirements' are used to delimit content.
    • Capability inventory: The skill manages file system writes, creates shell tasks (Bash), and orchestrates multi-agent tasks (TaskCreate/TaskUpdate).
    • Sanitization: The skill lacks explicit validation or sanitization mechanisms for user-supplied data before interpolation into the agent scaffold.
  • [COMMAND_EXECUTION]: State Management Commands: The skill utilizes shell commands, specifically 'mkdir -p', to initialize persistent state directories within the project-local '.claude/cc10x/v10/' path. These operations are limited in scope to the development environment and are necessary for the skill's workflow management functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 01:54 PM