skills/boshu2/agentops/validation/Gen Agent Trust Hub

validation

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various local CLI commands including the ao utility suite (ao lookup, ao forge, ao metrics) and project-specific commands like make test or grep as part of its validation workflow.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically executes command strings (check_command) loaded from a local configuration file (.agents/rpi/execution-packet.json) during the per-criterion verdict phase. This is an inherent part of its role as a validation orchestrator.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from ao lookup results and external scenario files (.agents/holdout/, .agents/specs/) and interpolates them into the agent's context.
      • Ingestion points: ao lookup command output in SKILL.md Step 0; files in .agents/holdout/ and .agents/specs/ in Step 1.8 (referenced in references/step-1.8-behavioral-validation.md).
      • Boundary markers: None identified; data is processed and used as 'known risks' or 'judge context' without explicit delimiters to prevent command or instruction injection.
      • Capability inventory: Shell command execution (ao, grep, make), file system writes (.agents/rpi/phase-3-summary...), and delegation to other skills via Skill().
      • Sanitization: No evidence of escaping or validating the content of lookups or scenario files before they are provided to the agent or evaluator council.
  • [DATA_EXFILTRATION]: The skill reads project state files (e.g., .agents/rpi/execution-packet.json) and writes validation summaries. While these actions are intended for reporting, they involve handling sensitive implementation details and execution metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 10:58 AM
Security Audit — agent-trust-hub — validation