promote-roadmap-items
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill evaluates external data from the project's backlog and strategic goals, which represents an indirect prompt injection surface.
- Ingestion points: The skill reads from `docs/process-management/roadmap.md`, `docs/project-overview/strategic-goals.md`, and files within the backlog directory.
- Boundary markers: A mandatory user confirmation phase (Phase 4) is implemented, requiring the user to approve each promotion or demotion decision before any changes are committed.
- Capability inventory: The skill has the capability to read project markdown files and modify their frontmatter or contents.
- Sanitization: The skill relies on human-in-the-loop validation to ensure that any data read from the files does not result in unintended or malicious modifications to the project structure.
Audit Metadata