pm-roadmap
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts, bypass safety filters, or extract underlying configurations.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local files or perform any network operations to external domains.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): There are no package installations (npm/pip) or scripts that download and execute code from remote sources.
- [Dynamic Execution] (SAFE): No use of eval(), exec(), or runtime compilation techniques detected. The skill uses 'disable-model-invocation: true', further limiting its capability to execute actions.
- [Persistence & Privilege Escalation] (SAFE): No attempts to modify shell profiles, system services, or acquire elevated permissions (sudo).
- [Indirect Prompt Injection] (SAFE): While the skill processes user inputs to generate roadmaps, it lacks any high-privilege capabilities (like network or file system access) that could be exploited by malicious data.
Audit Metadata