roadmap-manager
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided project and partnership data to generate roadmaps and reports, creating a surface for indirect prompt injection.
- Ingestion points: User requests for project roadmaps, MOU drafts, and sustainability audits.
- Boundary markers: Absent; the skill does not explicitly use delimiters to separate user data from internal instructions.
- Capability inventory: Creates and writes generated markdown files to a local
_workspace/directory. - Sanitization: None; user-supplied inputs are incorporated directly into the context used for document generation.
- [NO_CODE]: The skill consists entirely of markdown instructions and reference materials, containing no executable scripts, binaries, or external code dependencies.
Audit Metadata