create-adr

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including ls, find, and mkdir to manage the ADR directory and determine the next available record number. These operations are limited to the local filesystem for document organization.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from external files.
      • Ingestion points: In Step 1, the skill uses a Read operation to ingest content from a file path provided in the context input.
      • Boundary markers: There are no explicit delimiters or instructions to the model to ignore embedded commands within the analyzed files.
      • Capability inventory: The skill can read local files, list directory contents, create directories, and write new markdown files to the filesystem.
      • Sanitization: No sanitization or validation is performed on the ingested file content before it is processed by the agent to extract decisions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 08:44 AM