cortex-router
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (route_request.py, execute_cortex.py) located in the plugin directory to process and route user prompts. User input is passed as a command-line argument.
- [PROMPT_INJECTION]: The skill interpolates user-provided text into shell commands, creating an indirect prompt injection surface. Evidence:
  1. Ingestion point: User prompt in SKILL.md.
  2. Boundary markers: Absent in the command template.
  3. Capability inventory: Python script execution via shell.
  4. Sanitization: Instructions recommend the agent perform shell-escaping of the prompt.
- [REMOTE_CODE_EXECUTION]: The skill manages the environment by conditionally loading the cortex-code:cortex-setup skill if the required CLI tool is missing locally.
Audit Metadata