Skills
skills/navanithans/agent-skill-kit/ask-adr-logger/Gen Agent Trust Hub

ask-adr-logger

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The create_adr.py script accepts an arbitrary directory path via the --dir argument without validation or restriction to a safe workspace. This creates an attack surface where a malicious prompt could influence the agent to write files to sensitive locations on the filesystem.\n
  • Ingestion points: Command-line arguments --dir and --title in scripts/create_adr.py.\n
  • Boundary markers: Absent. There are no instructions or delimiters to prevent the agent from accepting and using malicious paths.\n
  • Capability inventory: File system write access via os.makedirs() and open(..., 'w') in scripts/create_adr.py.\n
  • Sanitization: While the slugify() function sanitizes the filename portion, the directory path provided to the script is used directly without validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:38 PM