adr-discovery
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to analyze the project environment, including `git log` for commit history and `npx likec4` for architectural diagramming. These operations are transparent and serve the skill's primary function.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx` to execute the `likec4` package, which may download content from the public npm registry. This targets a well-known service and is used for architectural visualization.
- [PROMPT_INJECTION]: The skill includes comprehensive instructions to prevent hallucination, requiring the agent to present findings as questions and wait for user confirmation before documenting any fact. This behavior mitigates risks from potentially malicious content in processed project files.
- [DATA_EXFILTRATION]: The skill performs broad read operations across project documentation and configuration files to build a discovery brief. All extracted data is shared with the user for confirmation and written to local markdown files; no unauthorized network activity was detected.
Audit Metadata