maestro-roadmap
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for managing session directories and logging discoveries. The discovery board protocol uses shell redirection to append data from sub-agents to a file, which poses a risk of command injection if the sub-agent output is manipulated.
- [PROMPT_INJECTION]: The skill ingests untrusted data from arguments and external files to build instructions for its CSV-based agent orchestration.
- Ingestion points: Data is pulled from command arguments, brainstorm session exports, and local file references.
- Boundary markers: The skill lacks explicit protective markers or delimiters when interpolating external content into agent instructions.
- Capability inventory: The skill and its sub-agents have access to powerful tools like Bash, Write, and Edit.
- Sanitization: Path-level sanitization is present for folder names, but no content sanitization is performed on the instructions provided to the agents.
Audit Metadata