roadmap-recommend

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading content from the project's filesystem (specifically files in the .spec-driven/ directory) and incorporating it into the agent's reasoning.
  • Ingestion points: The skill reads .spec-driven/config.yaml, roadmap INDEX.md, milestone files, and specification files (SKILL.md, Step 1).
  • Boundary markers: There are no explicit instructions to the agent to isolate ingested file content, to treat it as untrusted, or to ignore any instructions embedded in it.
  • Capability inventory: The skill executes CLI commands via node {{SKILL_DIR}}/scripts/spec-driven.js and performs multiple file writes to create proposal.md, design.md, tasks.md, questions.md, and delta spec files (SKILL.md, Step 6 and 7).
  • Sanitization: No evidence that the ingested data is sanitized or validated before it is used for reasoning or file generation.
  • [COMMAND_EXECUTION]: The skill relies on executing local JavaScript files via Node.js (spec-driven.js) to manage project state, scaffold changes, and verify artifacts. These are local project scripts, but they are the skill's primary mechanism for modifying state and interacting with the system.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 01:57 PM
Security Audit — agent-trust-hub — roadmap-recommend