roadmap-add
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell-based tools (`grep` and `git`) to perform its primary functions. User-supplied input from task descriptions is interpolated into command arguments, which is a common pattern for developer tools.
  - Evidence: The duplication check in Step 2 uses `grep` with a user-derived keyword, and Step 7 executes `git commit` using the task title in the commit message.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it reads content from external files that may contain untrusted data.
  - Ingestion points: The skill reads `jaan-to/roadmap.md`, `roadmap-add.learn.md`, and system-level protocol documents.
  - Boundary markers: No explicit delimiters or specific instructions to ignore embedded commands are present in the skill definition to isolate data from instructions.
  - Capability inventory: The skill has capabilities to modify files via `Edit` and `Write` tools and interact with the git repository through shell commands.
  - Sanitization: No explicit content validation or escaping logic is defined for the data read from these external sources.
Audit Metadata