tldr-router
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines and utilizes various shell commands through a 'tldr' utility for code analysis. These include
tldr treefor file overviews,tldr cfgfor control flow,tldr dfgfor data flow, andtldr slicefor impact analysis. - [PROMPT_INJECTION]: The skill operates as an intent-detection system that processes user messages to automatically trigger specific tool calls. This ingestion of untrusted natural language data to populate command arguments (such as function names and file paths) represents an indirect prompt injection surface. No explicit sanitization or boundary markers are defined in the instructions.
Audit Metadata