pipeline-router

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE (flags: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/run.py) to automate the generation of markdown blocks for checkpoints and summaries within the user's workspace.
  • [PROMPT_INJECTION]: Ingests untrusted text from GOAL.md and interpolates it directly into DECISIONS.md and queries.md. This creates an indirect prompt injection surface where adversarial instructions in the goal file could influence future agent actions.
  • Ingestion points: GOAL.md (via _read_goal).
  • Boundary markers: None; ingested text is inserted into markdown templates without delimiters.
  • Capability inventory: Local file system write access for workspace status tracking.
  • Sanitization: No escaping or validation is performed on the ingested goal string before interpolation.
  • [SAFE]: Structured data parsing for taxonomy and outline files correctly utilizes yaml.safe_load(), which prevents arbitrary object instantiation and associated execution vulnerabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 01:59 PM