roadmap-with-file
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It takes user input from the requirement description and interpolates it directly into the system prompts of sub-agents (e.g., `cli-explore-agent` and `cli-roadmap-plan-agent`) without boundary markers or sanitization.
  - Ingestion points: The `$ARGUMENTS` variable containing the user's requirement description is used in multiple `spawn_agent` calls.
  - Boundary markers: No delimiters (like XML tags or triple quotes) or 'ignore embedded instructions' warnings are present around the untrusted input.
  - Capability inventory: The skill can execute shell commands (`Bash`), write and edit files (`Write`, `Edit`), and trigger other agent skills (`ccw skill`).
  - Sanitization: While the `slug` used for directory names is sanitized, the raw requirement text is not sanitized before being passed to sub-agents.
- [COMMAND_EXECUTION]: The skill uses the `Bash` function to perform environment setup (creating directories) and to hand off tasks to other skills like `team-planex`. While it includes sanitization for path-related variables, the execution of downstream skills based on data generated by sub-agents (which may have been influenced by user input) presents a minor risk.
Audit Metadata