skill-router
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions specify that the agent should "ALWAYS use this skill FIRST" when a user asks for help or mentions skills. This is a behavioral override that attempts to establish the skill as the primary interface for navigation and intent matching.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) due to its core routing logic.
  - Ingestion points: The skill ingests user queries and may use the Read or Grep tools to analyze local project context to identify appropriate skills (SKILL.md).
  - Boundary markers: There are no explicit markers or safety instructions included to ensure the agent ignores malicious instructions embedded within the analyzed requests or files.
  - Capability inventory: The skill is granted access to several tools including Read, Grep, WebSearch, and AskUserQuestion, which provide a mechanism for external or malicious data to influence agent behavior.
  - Sanitization: No input sanitization or validation protocols are described for handling untrusted data during the classification process.
- [EXTERNAL_DOWNLOADS]: The skill documents and references external technical resources from well-known organizations including AWS, GitHub, and Patronus AI for the purpose of explaining routing strategies. These are informational links and do not involve automated execution of remote scripts.
Audit Metadata