adr-writing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (SAFE): No malicious instructions, behavioral overrides, or safety bypass patterns were detected in the instruction set.
- COMMAND_EXECUTION (SAFE): The skill executes a local script
scripts/next_adr_number.py. Analysis of the script shows it uses standard Python libraries (pathlib,re) to safely scan for existing files and calculate the next sequence number without side effects. - DATA_EXFILTRATION (SAFE): The skill reads from local documentation directories and writes new files to
docs/adrs/. No network exfiltration or access to sensitive credential paths was identified. - INDIRECT_PROMPT_INJECTION (LOW): The workflow involves ingesting data from external, potentially untrusted sources such as PRs, issues, and design documents (Step 2).
- Ingestion points: SKILL.md Step 2 (Discussion sources: PRs, issues, and documents).
- Boundary markers: Absent in the provided instructions.
- Capability inventory: Local filesystem write access (ADR creation) and script execution.
- Sanitization: No explicit sanitization or instruction-filtering is mentioned for the ingested discussion data.
Audit Metadata