roadmap-management
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation providing guidance on roadmap frameworks and prioritization methods. There are no scripts, binaries, or configuration files that execute code.
- [DATA_EXPOSURE] (SAFE): While the skill mentions connecting to external tools like project trackers and knowledge bases, it does not contain any hardcoded credentials, API keys, or logic for exfiltrating data. It uses abstract placeholders (e.g., ~~project tracker) to describe intended tool interactions.
- [PROMPT_INJECTION] (SAFE): The instructions are focused on professional product management tasks. There are no attempts to override system prompts, bypass safety filters, or extract underlying instructions.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill defines a surface for processing data from external tools. While this is a potential vector for indirect prompt injection (where instructions are embedded in third-party data), the skill itself lacks any capabilities (like shell execution or file writing) that could be exploited.
Audit Metadata