roamresearch
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external Roam Research pages which may contain malicious instructions.
  - Ingestion points: Content is retrieved via `roam-cli get`, `search`, and `journal` commands as documented in `SKILL.md` and `usage-examples.md`.
  - Boundary markers: There are no instructions for using delimiters or boundary markers to isolate processed data from the agent's instructions.
  - Capability inventory: The skill provides write and modification capabilities through `roam-cli save`, `block create`, and `batch run` as defined in `SKILL.md`.
  - Sanitization: No sanitization or validation routines are specified for handling retrieved content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing a CLI tool from a remote repository.
  - Download source: Installation instructions in `references/installation.md` direct the user to download `roam-cli` from the `Leechael/roamresearch-skills` repository on GitHub.
  - Installation process: Requires extracting a tarball and installing the binary into a system path (`/usr/local/bin`).
- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication data through environment variables.
  - Sensitive keys: Relies on `ROAM_API_TOKEN` and `ROAM_API_GRAPH` for API access.
  - Access method: Credentials are provided via environment variables or injected using tools like 1Password CLI as described in `references/installation.md`.
- [COMMAND_EXECUTION]: Core functionality is delivered through numerous subprocess executions of the `roam-cli` binary with various arguments and piped inputs.
Audit Metadata