yao-geo-execution-roadmap

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references research papers from ArXiv (arxiv.org) as methodological foundations for its frameworks. These are well-known scientific sources and are used for informational purposes.
  • [COMMAND_EXECUTION]: Includes a Python script (scripts/render_yao_geo_execution_roadmap.py) used to render reports into Markdown, HTML, DOCX, and PDF formats. The script uses standard libraries and performs HTML/XML escaping on user-provided content.
  • [SAFE]: The skill follows secure development practices. An analysis of the Indirect Prompt Injection surface shows: 1. Ingestion points: User-supplied diagnostic data and opportunity maps enter via the agent interface. 2. Boundary markers: Explicit instructions in SKILL.md and references/quality-gates.md require the agent to distinguish between verified facts and data gaps. 3. Capability inventory: The skill performs local file writes to generate report artifacts. 4. Sanitization: The associated Python rendering script implements proper sanitization using html.escape and xml.sax.saxutils.escape to prevent injection in the generated documents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 10:56 AM
Security Audit — agent-trust-hub — yao-geo-execution-roadmap