makepad-router
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (LOW): The skill description and routing instructions employ high-priority markers ('CRITICAL:') and imperative language ('MUST load') to override the agent's default processing and force the loading of specific sub-skills.\n- External Downloads (LOW): The skill's documentation includes project configuration snippets that reference an external, non-trusted GitHub repository (github.com/makepad/makepad) as a dependency. While this is consistent with the skill's purpose, it constitutes an unverifiable external reference.\n- Indirect Prompt Injection (LOW): The skill identifies and routes sub-skills based on untrusted user input without implementing safety boundaries.\n
- Ingestion points: User prompt keywords (e.g., 'shader', 'tokio', 'event') are used to trigger routing logic.\n
- Boundary markers: Absent; there are no instructions for the agent to ignore instructions embedded within the user-provided keywords.\n
- Capability inventory: The analyzed file contains only routing logic and documentation; no scripts with execution capabilities (shell, eval, or file-write) are present.\n
- Sanitization: Absent; the system matches user input directly against the routing table without escaping or filtering.
Audit Metadata