dynamic-claude-router

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the Kimi API (api.moonshot.cn/v1) for task processing via the OpenCode and Pi adapters. This is a recognized external AI service.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by accepting arbitrary user tasks to generate execution plans and route to sub-agents.
  • Ingestion points: User task strings provided via the /dynamic-task command or programmatic API calls defined in SKILL.md.
  • Boundary markers: None explicitly defined in the routing instructions to separate user input from system prompts.
  • Capability inventory: The skill dispatches tasks to agents with file system access (LookupAgent) and code implementation capabilities (WorkAgent).
  • Sanitization: No input validation or sanitization logic is described in the provided routing configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 09:11 AM
Security Audit — agent-trust-hub — dynamic-claude-router