blueprint-adr-validate
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (
find,grep,sed,jq) to analyze local ADR files and update a task registry. Thejqimplementation correctly utilizes command-line arguments (--arg) to inject dynamic data, preventing injection vulnerabilities. - [DYNAMIC_CONTEXT_INJECTION]: The skill employs the
!commandsyntax to gather context at load time, such as checking for the existence of the ADR directory and counting files. These operations are limited to benign local file system checks. - [INDIRECT_PROMPT_INJECTION]: The skill parses content from user-provided Markdown files (
docs/adrs/*.md). There is a theoretical surface for indirect injection if an attacker embeds malicious instructions in an ADR's metadata fields. However, the skill treats these values as identifiers or status strings during validation, which limits the risk. - Ingestion points: Reads metadata from
docs/adrs/*.mdusinggrepandsed(SKILL.md Step 1). - Boundary markers: None explicitly defined for the prompt phase, though parsing is restricted to specific frontmatter keys.
- Capability inventory:
Bash(file system operations, jq),Edit(file modification),AskUserQuestion(interactive remediation). - Sanitization: Uses
jq --argfor safe JSON updates; remediation involves user confirmation for all changes in interactive mode.
Audit Metadata