define-roadmap
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected due to data ingestion from project files.
- Ingestion points: The skill reads strategic goals and project background from `docs/project-overview/strategic-goals.md` or other user-provided document paths.
- Boundary markers: Absent; there are no defined delimiters or instructions to ignore embedded commands within the ingested strategic goal content.
- Capability inventory: The skill has the capability to write and persist Markdown documents to the project filesystem (e.g., `docs/process-management/roadmap.md`).
- Sanitization: Absent; the skill does not specify any sanitization, escaping, or validation of the ingested text before interpolating it into the final roadmap document.
Audit Metadata