roadmap-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill performs intended codebase auditing and discovery functions using standard command-line tools and MCP integrations.
- [COMMAND_EXECUTION]: The skill uses `Grep` and `Glob` for local file scanning and the `gh` (GitHub) CLI for issue management. These operations are restricted to the local repository context and the user's authenticated GitHub environment.
- [PROMPT_INJECTION]: The skill includes strong internal directives to maintain autonomy (e.g., "NEVER ask user which lens"), which are functional directives for the agent's workflow and not attempts to bypass LLM safety guardrails.
- [DATA_EXFILTRATION]: While the security lens is designed to identify potential secrets (passwords, tokens), the findings are intended for storage in the local `contextd` MCP or the user's own GitHub issues. This represents legitimate tool functionality rather than malicious exfiltration to an untrusted third party.