roadmap-management
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The skill processes untrusted content from ROADMAP.md and CHANGELOG.md. Malicious instructions embedded in task descriptions could hijack the agent's logic during 'Weekly Cleanup' or 'Archive' tasks.
  - Ingestion points: ROADMAP.md and CHANGELOG.md are read to identify tasks.
  - Boundary markers: None present in instructions to distinguish between data and instructions.
  - Capability inventory: The skill uses file-write operations and git shell commands.
  - Sanitization: No sanitization is mentioned for text extracted from the files before it is processed by the agent.
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run 'git log' using task descriptions extracted from the roadmap file as search strings.
  - Evidence: The 'Archive' section explicitly calls for: 'git log --all --fixed-strings --grep=""'. While the use of --fixed-strings prevents regex injection, the command execution itself relies on the agent safely handling the description string to prevent shell-level injection.