adr-discovery

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use npx to download and run the likec4 package from the npm registry for generating architecture diagrams.
  • [REMOTE_CODE_EXECUTION]: Executes the likec4 CLI tool dynamically using npx, which allows for the execution of remote code at runtime.
  • [COMMAND_EXECUTION]: Spawns subprocesses to run commands such as npx likec4 --version and likec4 start. The latter initializes a local web server on port 5173.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it scans untrusted repository content.
  • Ingestion points: Manifests (package.json, pyproject.toml, etc.), README files, ADR directories, and LikeC4 files.
  • Boundary markers: Uses specific tagging such as [CONFIRMED YYYY-MM-DD] and [FROM CODE, UNCONFIRMED YYYY-MM-DD] to distinguish between human-verified and tool-extracted data.
  • Capability inventory: Performs file reads (globbing repo), file writes (creating discovery briefs and LikeC4 models), and subprocess execution (npx/likec4).
  • Sanitization: Implements a 'zero-hallucination' policy where no automated finding is treated as a fact until confirmed by the user.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — adr-discovery