roadmap-with-file
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `functions.exec_command` to create directories, detect project types via shell tests, and list issues. It implements sanitization on the session ID used in these commands to prevent shell injection.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `web.run` to perform external research on architecture patterns and best practices based on user-provided requirements.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection due to its processing of untrusted data from multiple sources.
  - Ingestion points: User-provided requirements from `$ARGUMENTS`, codebase metadata returned by `cli_explore_agent`, and search results retrieved via `web.run`.
  - Boundary markers: The skill uses markdown headers (e.g., `## TASK CONTEXT`) to structure subagent messages but lacks explicit delimiters or "ignore embedded instructions" warnings for the interpolated data.
  - Capability inventory: The skill possesses capabilities for shell command execution (`functions.exec_command`), network search (`web.run`), and file system writes (`Write`).
  - Sanitization: While session identifiers are sanitized for shell safety, the requirement text and search results are not sanitized or escaped before being passed to subagents or included in the roadmap artifacts.
Audit Metadata