dynamic-claude-router
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the Kimi API (api.moonshot.cn/v1) for task processing via the OpenCode and Pi adapters. This is a recognized external AI service.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by accepting arbitrary user tasks to generate execution plans and route to sub-agents.
- Ingestion points: User task strings provided via the /dynamic-task command or programmatic API calls defined in SKILL.md.
- Boundary markers: None explicitly defined in the routing instructions to separate user input from system prompts.
- Capability inventory: The skill dispatches tasks to agents with file system access (LookupAgent) and code implementation capabilities (WorkAgent).
- Sanitization: No input validation or sanitization logic is described in the provided routing configuration.
Audit Metadata