Model Router

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only model-routing skill whose ability to choose cheaper or premium AI models is disclosed and consistent with its purpose.

Safe to install as a routing guide, with normal caution: define a maximum spend or preferred model tier, ask for approval before premium or gateway routing on sensitive work, and avoid auto-routing private prompts through providers you do not trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description includes broad trigger phrases such as 'which model should I use', 'optimize cost', and 'use the right model', which can overlap with ordinary user requests outside the intended delegation context. This can cause the router skill to activate unexpectedly and influence downstream model selection for unrelated tasks, creating prompt-routing confusion and increasing the chance of inappropriate task delegation.

Vague Triggers

Low
Confidence: 89%
Finding
The mode-switch phrases ('Use aggressive routing', 'Use quality mode', 'Use balanced routing', 'Use [specific model] for this') are ambiguous and do not define who may issue them, whether they persist, or what scope they affect. An attacker or accidental prompt injection within task content could alter routing policy or model choice, potentially degrading quality, increasing cost, or bypassing intended safeguards for sensitive tasks.

VirusTotal

66/66 vendors flagged this skill as clean.