cli-router
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through the interpolation of user-provided data into a routing command.
- Ingestion points: The
{user_intent}variable is interpolated into thecli-index routecommand withinSKILL.md. - Boundary markers: Absent; the input is wrapped in double quotes but lacks explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill facilitates access to a wide array of powerful system tools including file search (
fd,rg), data processing (jq,qsv,nu), and external AI interfaces (claude,gemini,aider). - Sanitization: No sanitization or validation logic is present in the skill definition to handle malicious control characters or command injection attempts.
- [COMMAND_EXECUTION] (LOW): The primary purpose of the skill is to trigger shell commands. While this is the intended behavior, the broad range of tools categorized (including AI assistance, file navigation, and data processing) creates a significant capability surface that an attacker could exploit if they successfully influence the
{user_intent}parameter.
Audit Metadata