adr_tools

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the use of sudo make install during the Linux installation process, which executes commands with administrative privileges. This poses a risk if the downloaded source code is compromised.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the agent to download source code from an external GitHub repository (https://github.com/npryce/adr-tools.git) that is not within the pre-approved trusted vendors list.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the download and immediate execution or installation of external code via git clone and make install, which is a high-risk pattern for supply chain attacks.
  • [COMMAND_EXECUTION]: The skill relies on several external command-line utilities (brew, git, adr, dot) to function, necessitating the spawning of subprocesses with potentially unvalidated arguments.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it accepts arbitrary user input for ADR titles and interpolates this data directly into shell commands without explicit sanitization or boundary markers.
      – Ingestion points: ADR titles and linking descriptions provided by the user.
      – Boundary markers: None identified in the provided instruction set.
      – Capability inventory: Ability to execute shell commands, create and modify files in the local filesystem, and interact with version control systems.
      – Sanitization: No evidence of escaping or validation of user-provided strings before they are used in CLI execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 6, 2026, 05:10 PM