blueprint-adr-validate

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (placeholder !) in the SKILL.md file to execute shell commands at load time. One specific command, !echo "${1:---}", incorporates a positional argument directly into the shell string. This pattern can lead to command injection if the underlying platform does not sanitize user-supplied arguments before the shell evaluates them.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform project maintenance, including an operation in Step 7 that uses jq to modify docs/blueprint/manifest.json. While these operations are targeted at project documentation, the capability to perform arbitrary file writes via shell redirection and mv commands represents a significant execution surface.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to ingest and act upon data from markdown files within the repository.
      ◦ Ingestion points: The skill reads all markdown files from the docs/adrs/ directory during Step 1 and Step 2.
      ◦ Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the ADR files it analyzes.
      ◦ Capability inventory: The agent has access to powerful tools including Bash, Edit, and Read, which could be abused if the agent is manipulated by content in the analyzed files.
      ◦ Sanitization: The skill extracts content using grep and sed without performing validation or sanitization on the extracted values before using them in further logic.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: May 14, 2026, 04:16 PM