context-router
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill facilitates the execution of shell commands using user input interpolated into templates (e.g., limitless search, research docs). This pattern is susceptible to command injection if input contains shell-active characters like backticks or semicolons. Severity is MEDIUM as this is the primary functionality but requires implementation-level safety checks.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection.
  1. Ingestion points: Trigger commands (/context, /limitless, etc.) and intent hooks.
  2. Boundary markers: Command templates use double quotes but lack explicit sanitization instructions.
  3. Capability inventory: Access to personal logs (limitless), online research tools, and local code snippets (pieces).
  4. Sanitization: No sanitization or escaping logic is defined within the provided skill files.