smart-model-routing
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands to assist in task scoring and memory recall.
  - It uses `tldr impact <function>` and `tldr calls .` to estimate code impact and file dependencies.
  - It executes a local Python script located at `~/.claude/scripts/core/recall_learnings.py` to retrieve previous task context.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (task descriptions) and interpolates it into a shell command for the memory recall feature, creating a potential command injection surface.
  - Ingestion points: User-provided task descriptions are processed in `SKILL.md` logic.
  - Boundary markers: None identified for the input data.
  - Capability inventory: The skill utilizes subprocess execution for `tldr` and `python3` (specifically for `scripts/core/recall_learnings.py`).
  - Sanitization: No evidence of sanitization or shell-escaping for the `[task description]` variable when used in the command: `python3 scripts/core/recall_learnings.py --query "model routing [task description]" --text-only`.
Audit Metadata