cs-roadmap
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python utilities within the project directory to perform administrative tasks.
- Evidence: Phase 2 invokes codestable/tools/search-yaml.py to find existing components.
- Evidence: Phase 6 and the reference guide utilize codestable/tools/validate-yaml.py to verify the syntax of generated roadmap metadata.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted user-provided materials.
- Ingestion points: In Phase 2, the agent reads user-provided project materials and requirement documents.
- Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the ingested text.
- Capability inventory: The skill can write files to the roadmap directory and execute local scripts.
- Sanitization: The instructions do not specify a process for sanitizing or escaping content derived from user materials before incorporating it into drafts.
Audit Metadata