adr
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is appropriately scoped using the `allowed-tools` configuration, which limits the agent's capabilities to basic filesystem operations (`Read`, `Write`, `Glob`, `Grep`). This restrictive configuration prevents the skill from performing network requests, executing arbitrary shell commands, or accessing sensitive system areas.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads and processes user-generated markdown files from the repository to list and supersede decision records.
  - Ingestion points: The agent reads files within the `docs/adr/` directory using the `Read` and `Grep` tools (SKILL.md).
  - Boundary markers: The instructions do not define specific delimiters or warnings to ignore instructions that may be embedded within the ADR files being read.
  - Capability inventory: The agent is authorized to use the `Write` tool to create and modify files within the project scope (SKILL.md).
  - Sanitization: There is no explicit validation or sanitization mentioned for the content parsed from existing ADR files.
Audit Metadata