Conversation

@whw (Collaborator) commented Feb 12, 2026

New Skill Submission

Skill: model-hierarchy
Submitted by: anonymous
Source: https://github.com/zscole/model-hierarchy-skill
Files imported: 1


This PR was auto-generated from skills.every.to/submit.

AI security review will run automatically.

@whw whw requested a review from a team February 12, 2026 03:01
cloudflare-workers-and-pages bot commented Feb 12, 2026

Deploying everyskill with Cloudflare Pages

Latest commit: c1ae897
Status: ✅  Deploy successful!
Preview URL: https://ff50cb81.everyskill.pages.dev
Branch Preview URL: https://skill-model-hierarchy-177086-kqog.everyskill.pages.dev

@github-actions bot

Frontier Model Security Review

Agent Verdict
Claude Opus 4.6 PASS
GPT-5.2 PASS

Final Verdict: PASS


Claude Opus 4.6 Analysis
{"verdict": "PASS", "issues": [], "reasoning": "This skill is a straightforward informational/advisory document about cost-optimizing AI model selection based on task complexity. It contains no prompt injection attempts, no hidden instructions, no encoded commands, and no 'ignore previous' directives. There are no dangerous tool usages - the code examples shown are illustrative pseudocode and configuration snippets, not executable tool invocations. There are no network calls to external URLs for data exfiltration, no attempts to read credentials or sensitive files, and no social engineering or manipulation. The skill does not define any allowed-tools or request any tool permissions. It simply provides a taxonomy of model tiers, a decision framework for routing tasks, cost comparisons, and integration examples. The content is purely advisory and educational in nature."}
GPT-5.2 Analysis
{"verdict":"PASS","issues":[{"category":"Prompt injection","severity":"low","evidence":"No hidden/encoded instructions, no \"ignore previous\"-style overrides, no attempts to subvert system/developer policies. Content is straightforward guidance on model selection.","risk":"Low risk of instruction hijacking; primarily descriptive."},{"category":"Dangerous tool usage","severity":"low","evidence":"Mentions file read/write, URL fetching, API calls, and spawning sub-agents. No concrete dangerous commands (e.g., rm -rf), no unrestricted shell guidance, no privilege escalation.","risk":"Could encourage routine tool usage, but does not prescribe unsafe operations."},{"category":"Data exfiltration","severity":"low","evidence":"References fetching/parsing URLs and doing lookups; no instruction to collect credentials, read secrets, or transmit sensitive data. No specific external endpoints or covert channels.","risk":"General network/task routing guidance only."},{"category":"Social engineering/manipulation","severity":"none","evidence":"No manipulative language, coercion, or instructions to mislead users."},{"category":"Overly permissive allowed-tools","severity":"low","evidence":"Skill discusses tool orchestration and automated tasks at a high level but does not define an allowed-tools policy or constraints (e.g., restrict filesystem paths, network allowlists).","risk":"In systems that auto-enable tools, lack of explicit constraints could be a governance gap (configuration-level), though not malicious in the skill text."}],"reasoning":"The skill is a cost/model-routing heuristic document. It contains no prompt-injection patterns, no hidden directives, and no explicit harmful tool commands. Mentions of URL fetching, file operations, and agent spawning are generic and not framed toward credential access or exfiltration. Main concern is governance: it encourages broad classes of operations (file I/O, fetching URLs) without embedding safety constraints, but this is a design hardening opportunity rather than malicious content."}

Frontier model review complete. Human approval still required.

@whw whw closed this Feb 12, 2026