skills/boazy/skills/adr/Gen Agent Trust Hub

adr

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a sensitive credential file located at ~/.local/secrets/atlassian.env to retrieve ATLASSIAN_API_TOKEN and ATLASSIAN_EMAIL. This data is then transmitted to the Atlassian API for authentication.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It retrieves ADR content from Confluence and passes it to a sub-agent for architectural review without sufficient sanitization or boundary markers.
      • Ingestion points: Content is fetched from Confluence via scripts/confluence-get.ts (referenced in SKILL.md) and scripts/adr-report.ts.
      • Boundary markers: The review prompt in SKILL.md lacks delimiters or instructions to ignore embedded commands within the ADR text.
      • Capability inventory: The skill has the capability to create and update Confluence pages and execute local shell commands.
      • Sanitization: There is no evidence of HTML sanitization or instruction filtering before content is processed by the review sub-agent.
  • [COMMAND_EXECUTION]: The skill frequently invokes local TypeScript scripts using npx tsx for Confluence operations, reporting, and synchronization tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:23 AM