pipeline-router

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads untrusted content from the user-controlled GOAL.md file and interpolates it into the DECISIONS.md file.
  • Ingestion points: The _read_goal function in scripts/run.py reads text from GOAL.md in the user's workspace.
  • Boundary markers: Absent; the content from GOAL.md is directly embedded into Markdown headers and bullet points in DECISIONS.md without delimiters or instructions for the agent to ignore nested commands.
  • Capability inventory: The skill grants the agent the ability to read and write several workspace files including PIPELINE.lock.md, DECISIONS.md, queries.md, and STATUS.md.
  • Sanitization: The script performs minimal filtering (skipping comments and headers) but does not sanitize the actual text content for potential prompt injection payloads before it is presented back to the agent in subsequent steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 06:47 AM