adr-plan
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data such as task descriptions and active plans to generate ADRs. While it lacks explicit boundary markers for this untrusted input, the risk is mitigated by the restricted execution environment defined in the skill's configuration.
- [COMMAND_EXECUTION]: The skill utilizes bash commands for file system exploration and ADR management. These commands are limited to specific, pre-defined patterns (ls, cat, git, npx adr) within the platform configuration, preventing arbitrary command execution.
- [EXTERNAL_DOWNLOADS]: The skill uses npx to execute the adr package. This is a standard developer workflow for managing architecture records and relies on the npm registry.
Audit Metadata