project-roadmap-manager
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the contents of ROADMAP.md, which may contain untrusted data.\n
- Ingestion points: The skill reads the contents of <project_root>/ROADMAP.md to synchronize milestones and updates.\n
- Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the processing logic for file content.\n
- Capability inventory: The skill performs file-write operations to update the roadmap file in the repository root.\n
- Sanitization: The skill does not perform sanitization or validation of the input file content before performing updates.\n- [NO_CODE]: The skill consists entirely of markdown-based instructions and rules, with no executable scripts or code files included.
Audit Metadata