Skills
skills/validkeys/sherpy/architecture-decision-record/Gen Agent Trust Hub

architecture-decision-record

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from 'technical-requirements.yaml' to generate its output.
  • Ingestion points: The skill reads the 'technical-requirements.yaml' file as its primary source of data.
  • Boundary markers: No delimiters or 'ignore instructions' are present to separate the user-provided data from the agent's system instructions.
  • Capability inventory: The skill has permissions to create directories and write multiple markdown files to the local file system.
  • Sanitization: There is no evidence of data validation or sanitization performed on the content extracted from the YAML file before it is used in the ADR generation process.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 12:13 PM