roam
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
roam-codepackage viapipand references its official GitHub repository for documentation and source code. These resources are provided by the skill author and are integral to the tool's functionality. - [COMMAND_EXECUTION]: The instructions detail how to use the
roamCLI to perform various tasks such as indexing projects, searching for symbols, and calculating the impact of code changes. These commands are executed locally within the project environment. - [PROMPT_INJECTION]: The skill possesses an inherent attack surface for indirect prompt injection because it processes and presents content from external codebases to the agent.
- Ingestion points: Project source files read via commands like
roam context,roam search, androam symbol(SKILL.md). - Boundary markers: None; the instructions do not specify the use of delimiters to distinguish codebase content from agent instructions.
- Capability inventory: The agent is empowered to execute CLI commands and read local file structures (SKILL.md).
- Sanitization: No specific sanitization or escaping logic is mentioned for the data retrieved from the codebase.
Audit Metadata