adr-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'git diff' via Bash to retrieve repository changes for analysis, which is consistent with its stated purpose.\n- [PROMPT_INJECTION]: The skill processes untrusted input from code diffs and ADR files, representing an indirect prompt injection surface. The risk is assessed as low given the skill's restricted reporting capabilities.\n
- Ingestion points: Git diff output and markdown files in the 'docs/adr/' directory.\n
- Boundary markers: None.\n
- Capability inventory: Bash, Read, Grep, Glob, and internal MCP tools.\n
- Sanitization: No explicit sanitization or filtering of ingested data.\n- [SAFE]: No malicious patterns, such as credential theft or remote code execution from untrusted sources, were identified. The skill operates locally on repository data.
Audit Metadata