adr-discovery
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use
npxto download and run thelikec4package from the npm registry for generating architecture diagrams. - [REMOTE_CODE_EXECUTION]: Executes the
likec4CLI tool dynamically usingnpx, which allows for the execution of remote code at runtime. - [COMMAND_EXECUTION]: Spawns subprocesses to run commands such as
npx likec4 --versionandlikec4 start. The latter initializes a local web server on port 5173. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it scans untrusted repository content.
- Ingestion points: Manifests (package.json, pyproject.toml, etc.), README files, ADR directories, and LikeC4 files.
- Boundary markers: Uses specific tagging such as
[CONFIRMED YYYY-MM-DD]and[FROM CODE, UNCONFIRMED YYYY-MM-DD]to distinguish between human-verified and tool-extracted data. - Capability inventory: Performs file reads (globbing repo), file writes (creating discovery briefs and LikeC4 models), and subprocess execution (npx/likec4).
- Sanitization: Implements a 'zero-hallucination' policy where no automated finding is treated as a fact until confirmed by the user.
Audit Metadata