adr-backfill
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and process untrusted data from external sources to reconstruct historical context for ADR creation.\n- [PROMPT_INJECTION] Evidence:\n
- Ingestion points: Phase 2 (SKILL.md) identifies multiple sources of untrusted data including commit messages, pull request descriptions, ticket links, and retired README content.\n
- Boundary markers: The skill does not define specific boundary markers or instructions to isolate or ignore embedded commands within the ingested historical data.\n
- Capability inventory: The skill utilizes file system tools to create directories and write or update markdown files (Phase 4, SKILL.md).\n
- Sanitization: No explicit sanitization or validation of the ingested strings is performed before they are interpolated into the generated documentation.\n- [NO_CODE]: This skill consists entirely of natural language instructions and reference markdown files; it does not contain or execute any scripts, binaries, or external code.
Audit Metadata