adr-management
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely on local project documentation using provided scripts (adr_manager.py, next_number.py). It does not demonstrate any patterns for credential theft, unauthorized network access, or persistence.
- [SAFE]: Indirect Prompt Injection Risk: The skill reads content from local ADR files to perform search and retrieval tasks. While this represents a theoretical attack surface where malicious content in an ADR could influence the agent, this behavior is essential for its primary architectural management function. The risk is minimized as the skill does not have network access for data exfiltration.
  - Ingestion points: adr_manager.py (via search and get commands) and the Read tool used in the SKILL.md workflow.
  - Boundary markers: Not explicitly defined in the scripts or instructions.
  - Capability inventory: Bash, Write, and local file system manipulation through Python scripts.
  - Sanitization: adr_manager.py performs basic character replacement (replacing spaces and dashes with underscores) when generating filenames to prevent simple path issues.
Audit Metadata