9router-chat
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references documentation and setup files located on the author's GitHub repository (github.com/decolua/9router). This is a legitimate vendor resource.
- [DATA_EXFILTRATION]: The skill performs network requests to an external API endpoint specified by the $NINEROUTER_URL environment variable. This activity is required for the skill's primary function of routing LLM requests.
- [COMMAND_EXECUTION]: Provides example curl commands to query model metadata and send chat completions. These commands are standard for API interaction and do not involve executing untrusted remote scripts.
- [PROMPT_INJECTION]: As an LLM interaction tool, the skill has a surface for indirect prompt injection through responses from the remote router.
- Ingestion points: Data returned from $NINEROUTER_URL in SKILL.md.
- Boundary markers: No delimiters or warnings are used to isolate remote content from agent instructions.
- Capability inventory: Performs network requests and executes logic through curl and the openai library (SKILL.md).
- Sanitization: No specific sanitization or validation of the remote API response is documented.
Audit Metadata