architecture-decisions
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions to override and ignore external directives (e.g., from 'spawn prompts' or 'coordinators') that attempt to skip the mandatory RESEARCH phase. This is a defensive measure to maintain process integrity. (SKILL.md)
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external documentation and source code during the RESEARCH phase.
  - Ingestion points: External URLs and source files (SKILL.md, references/adr-lifecycle.md).
  - Boundary markers: The skill employs structured templates and phase gates, though it lacks explicit technical sanitization for ingested content (references/adr-template.md).
  - Capability inventory: File system modifications (writing ADRs and ARCHITECTURE.md), network access (reading documentation), and execution of shell commands (git, gh) (SKILL.md, references/adr-lifecycle.md, references/adr-template.md).
  - Sanitization: Relies on manual 'Research Critique' and 'Draft Critique' phases for human verification of findings.
- [COMMAND_EXECUTION]: Executes shell commands using 'git' and 'gh' (GitHub CLI) for branch management, commits, and PR creation. It also uses 'grep' to verify the absence of merge conflicts. (references/adr-lifecycle.md, references/adr-template.md).
- [EXTERNAL_DOWNLOADS]: Facilitates the installation of related skills using the command 'npx skills add jwilger/agent-skills'. This targets the author's own repository, which is a recognized vendor resource. (SKILL.md)