roamresearch

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the roam-cli utility and perform system operations such as binary installation.
  • [EXTERNAL_DOWNLOADS]: The skill's installation guide in references/installation.md directs users to download the roam-cli binary from the author's GitHub repository.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of data from external Roam Research pages.
      • Ingestion points: Commands in SKILL.md like get, search, and journal read untrusted content from the Roam graph.
      • Boundary markers: There are no markers or instructions to isolate retrieved content from the agent's context.
      • Capability inventory: The skill allows significant modifications to the graph via save, block create, and batch run as specified in SKILL.md.
      • Sanitization: No evidence of data sanitization or validation is present in the skill's logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 02:13 PM