adr-index
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow executes a local Python script, `scripts/build_adr_index.py`, to validate ADR files and generate an index. This script is part of the skill package and does not utilize external or untrusted resources.
- [PROMPT_INJECTION]: The skill implements an indexing mechanism for Architecture Decision Records (ADRs) that presents a surface for indirect prompt injection.
  - Ingestion points: The `scripts/build_adr_index.py` script parses all markdown files within the `docs/adr/` directory.
  - Boundary markers: The generated `docs/adr/index.json` does not include delimiters or instructions to treat the extracted metadata (such as titles or TL;DRs) as untrusted data.
  - Capability inventory: The skill allows for local file system modification (writing `index.json`) and is intended to guide agent behavior through documented architectural decisions.
  - Sanitization: No sanitization or validation is performed on the text content extracted from the ADR files to prevent instructions from being misinterpreted as commands by an agent reading the index.
Audit Metadata