tpm-roadmap-slice
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on structured data extraction and formatting. There are no attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths (e.g., .ssh, .aws) were found. The skill only references local documentation templates and reference files within the skill's own directory structure.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill contains no package installation commands (pip, npm) and no patterns for downloading or executing remote scripts.
- [Privilege Escalation & Persistence] (SAFE): No administrative commands (sudo) or attempts to modify system startup scripts or configuration files were detected.
- [Indirect Prompt Injection] (SAFE): While the skill processes external data (Vision PRDs), it serves as a text transformation tool with no access to dangerous capabilities like shell execution or network requests that could be triggered by malicious input data.