adr-skill
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of several internal Node.js scripts (
bootstrap_adr.js,new_adr.js,set_adr_status.js) to initialize directories, generate ADR files, and update decision statuses. It also instructs the agent to use a custom CLI tool (joelclaw) for system synchronization and record ranking. - [EXTERNAL_DOWNLOADS]: The documentation recommends the installation of an optional third-party skill (
visual-explainer) from an external GitHub repository (github.com/nicobailon/visual-explainer) to provide diagramming capabilities. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core design as an 'agent-readiness' tool. It captures user input via Socratic questioning and stores it in markdown files intended to govern the behavior of future agents. Malicious input during the drafting phase could be used to influence the actions of downstream agents that consult these ADRs.
- Ingestion points: User answers to Phase 1 questions captured in the
SKILL.mdworkflow. - Boundary markers: Includes an 'Intent Summary Gate' that requires human confirmation before the agent proceeds to generate files, which acts as a manual review step.
- Capability inventory: The skill has the ability to write files to the repository and execute local maintenance scripts.
- Sanitization: Titles are sanitized using a slugify function in
new_adr.js, though the body content of the ADR is written largely as provided.
Audit Metadata