cs-roadmap-review

Warn

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Ingestion points: Reads roadmap files, requirement/architecture documentation, and project source code in SKILL.md. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided templates. Capability inventory: Includes file-writing capabilities and the ability to create sub-agents via mcp__paseo__create_agent. Sanitization: None observed for external content before interpolation into agent prompts.\n- [DATA_EXFILTRATION]: The skill reads sensitive project assets, including roadmaps, architecture documents, and source code facts, and transmits this data to external LLM providers through sub-agent delegation (mcp__paseo__create_agent) or native task execution tools.\n- [DATA_EXFILTRATION]: Accesses the configuration file ~/.paseo/orchestration-preferences.json in the user's home directory. Accessing files outside the project workspace is a sensitive operation that can expose user-level configuration and environment preferences.\n- [COMMAND_EXECUTION]: Implements dynamic task delegation by generating and executing prompts for sub-agents based on the content of local project files and runtime tool availability checks.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 1, 2026, 07:40 AM
Security Audit — agent-trust-hub — cs-roadmap-review