create-adr
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill is designed to handle user input for documentation purposes but includes robust proactive sanitization steps. It explicitly instructs the agent to remove path traversal sequences (
..), separators (/,\), null bytes, and control characters from user-provided titles before file creation. Filenames are further restricted to a specific character set[a-z0-9-]and length (80 characters). - [COMMAND_EXECUTION] (SAFE): Uses a limited set of Bash utilities (
ls,grep,sed,sort,tail) solely to calculate the next sequential ID for new files. These operations are performed on local directory paths and do not involve external input in the command string. - [DATA_EXFILTRATION] (SAFE): The skill reads local configuration and template files (e.g.,
.architecture/config.yml). No network tools or external data transmission capabilities are present. - [REMOTE_CODE_EXECUTION] (SAFE): No patterns for remote code downloads or dynamic execution of untrusted scripts were found. All file operations are directed to a predefined local structure.
Audit Metadata