commands-router
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill documentation includes examples of interpolating untrusted user data into shell commands, which is a classic surface for indirect prompt injection.
- Ingestion points: The variables `{user_intent}` and `{task_description}` in `SKILL.md` are used to populate command-line arguments for the `reasoning-index` tool.
- Boundary markers: There are no boundary markers or explicit instructions to the agent to treat the interpolated content as untrusted data or to sanitize it for shell metacharacters.
- Capability inventory: The skill is designed to trigger a variety of actions including code implementation, git operations (commit, push, merge), and system architecture tasks through the `reasoning-index` and `sc:*` command set.
- Sanitization: The provided documentation shows no evidence of input validation, escaping, or schema enforcement before the user-provided strings are passed to the CLI tool.
Audit Metadata