cs-roadmap
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (search-yaml.py, validate-yaml.py) and standard utilities like grep within the project's codestable/ directory. These tools are used for administrative tasks such as searching existing documentation and validating the YAML syntax of generated roadmap items.
- [PROMPT_INJECTION]: The skill processes untrusted user input and external documentation to generate technical plans, which constitutes an indirect prompt injection surface.
- Ingestion points: User-provided materials (Phase 2), and existing files in the codestable/requirements/ and codestable/architecture/ directories.
- Boundary markers: The skill does not explicitly use delimiters for untrusted input, but it implements a mandatory human-in-the-loop review (Phase 5) before finalizing outputs.
- Capability inventory: File system write access to codestable/roadmap/ and execution of local shell commands via Python.
- Sanitization: There is no explicit logic described to sanitize user-provided keywords used in shell command interpolation (e.g., {大需求关键词}).
Audit Metadata