adr-creator
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs directory scans using the "find" command to locate existing ADR files and directories (e.g., "doc/adr/"). This activity is limited to the local project environment and is necessary for the skill to maintain correct file numbering and naming conventions.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing "adr-tools", an open-source command-line utility. All referenced URLs and installation sources target the official GitHub repository for the tool, which is a well-known service. These references are used solely for environment setup.
- [COMMAND_EXECUTION]: The skill executes local commands such as "adr init", "adr new", and "adr help". These operations are used to interface with the "adr-tools" CLI and are consistent with the skill's stated purpose of automating architecture documentation workflows.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads and summarizes the content of existing markdown files within the project. While this involves processing potentially untrusted data from the filesystem, the impact is low as the agent uses this information only to guide the creation of new architectural records.
- Ingestion points: Reads "*.md" files from paths identified as ADR directories (e.g., "doc/adr/").
- Boundary markers: Absent when interpolating existing ADR summaries into the conversation context.
- Capability inventory: Executes local CLI tools ("adr-tools"), performs filesystem searches, and writes new markdown files.
- Sanitization: Content from existing files is read and summarized without explicit sanitization or escaping.
Audit Metadata