Skills
skills/cranot/roam-code/roam/Gen Agent Trust Hub

roam

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the roam-code Python package via pip install roam-code. This package is a vendor-owned resource associated with the skill author ('cranot').
  • [COMMAND_EXECUTION]: The skill extensively uses the roam CLI to interact with a local SQLite database (.roam/index.db) and analyze the codebase. These commands are used for orientation (roam understand), search, and impact analysis.
  • [PROMPT_INJECTION]: As the tool processes untrusted data (the local codebase being analyzed), there is a potential for indirect prompt injection if source code files contain malicious instructions. However, this is a standard risk for any code-analysis tool.
  • Ingestion points: Local source files and git history are read during the roam init and roam index processes.
  • Boundary markers: The skill does not explicitly define delimiters for separating analyzed code from agent instructions in the output.
  • Capability inventory: The skill can execute CLI commands and write to specific local files like CLAUDE.md and .cursor/rules using roam agent-export and roam minimap.
  • Sanitization: The instructions do not specify sanitization or escaping mechanisms for the output returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 10:09 PM