adr
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Retroactive Mode' that reads the local file
~/.claude/history.jsonl. This file contains the history of user messages, which may include sensitive information or previous instructions. Processing this untrusted data to generate documentation creates an indirect prompt injection vulnerability. - Ingestion points: Accesses
~/.claude/history.jsonl(file name) and the active session's context. - Boundary markers: Absent. The instructions do not specify delimiters or constraints to prevent the agent from inadvertently following instructions found within the history during the scan.
- Capability inventory: Reads local history logs; writes to project ADR files (e.g.,
docs/architecture-decisions.mdin SKILL.md) and configuration files (~/.claude/skills/adr/config.mdin README.md). - Sanitization: Absent. The skill summarizes historical interactions directly into new entries without sanitizing or validating the content for malicious prompts.
Audit Metadata