roadmap-updater
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious patterns or security vulnerabilities were detected in the skill instructions or workflow.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data (git commit messages and ROADMAP.md content) and performs file-write operations.
  - Ingestion points: read_file("ROADMAP.md") and external commit messages.
  - Boundary markers: None explicitly defined in the provided markdown.
  - Capability inventory: read_file, replace_string_in_file, grep_search. No shell execution or network access.
  - Sanitization: None described. While this creates a surface for indirect prompt injection, the limited scope of file modifications makes the risk negligible.
Audit Metadata