krt-roadmap-cartographer
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard documentation utility that extracts project context to create roadmaps. It follows a structured workflow and operates within its stated scope, with no evidence of malicious intent, unauthorized resource access, or persistence mechanisms.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its core function of processing external documents.
- Ingestion points: The skill scans various repository files, including README.md, STRATEGY.md, and technical specifications as defined in SKILL.md.
- Boundary markers: No explicit delimiters or boundary markers are defined to isolate external data from the primary instruction set.
- Capability inventory: The skill writes new files to the docs/ folder and generates suggested prompts for subsequent agent actions.
- Sanitization: No explicit data sanitization or validation of the content extracted from project documents is performed before it is used to populate output templates.
- Note: This vulnerability surface is inherent to documentation-analysis skills and does not signify a malicious implementation.
Audit Metadata