adr
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE PROMPT_INJECTION CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ADR review workflow. It retrieves ADR content from Confluence and injects it into a sub-agent prompt, which could allow malicious instructions stored in a Confluence page to influence the agent's behavior.
  - Ingestion points: External data is fetched from Confluence via `scripts/adr-report.ts` and `scripts/adr-sync-emojis.ts`.
  - Boundary markers: The `task()` prompt in `SKILL.md` does not utilize delimiters or specific instructions to isolate or ignore potentially malicious content within the interpolated ADR text.
  - Capability inventory: The skill has the capability to execute shell commands using `bunx tsx` and perform administrative actions in Confluence, such as creating or updating pages and properties.
  - Sanitization: There is no evidence of sanitization or validation of the retrieved HTML content before it is processed by the sub-agent review logic.
- [CREDENTIALS_UNSAFE]: The core integration library `scripts/lib/confluence.ts` is designed to read Atlassian API credentials from a hardcoded file path: `~/.local/secrets/atlassian.env`. While the use of environment files is a recognized secret management technique, accessing files in the user's home directory outside the project environment increases the risk of sensitive data exposure if the environment is shared or improperly secured.
Audit Metadata