adr-backfill

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to ingest and process untrusted data from external sources to reconstruct historical context for ADR creation.\n- [PROMPT_INJECTION] Evidence:\n
  • Ingestion points: Phase 2 (SKILL.md) identifies multiple sources of untrusted data including commit messages, pull request descriptions, ticket links, and retired README content.\n
  • Boundary markers: The skill does not define specific boundary markers or instructions to isolate or ignore embedded commands within the ingested historical data.\n
  • Capability inventory: The skill utilizes file system tools to create directories and write or update markdown files (Phase 4, SKILL.md).\n
  • Sanitization: No explicit sanitization or validation of the ingested strings is performed before they are interpolated into the generated documentation.\n- [NO_CODE]: This skill consists entirely of natural language instructions and reference markdown files; it does not contain or execute any scripts, binaries, or external code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — adr-backfill