chain-composer

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local utility scripts (scripts/artifact-utils.py and scripts/adr-query.py). These commands are restricted to validating chain structures and computing hashes, utilizing relative paths to local repository assets.
  • [DATA_EXFILTRATION]: Transient validation artifacts are written to the local /tmp directory and cleaned up after Phase 3. This filesystem usage is strictly local, temporary, and does not involve network exfiltration or access to sensitive user files.
  • [PROMPT_INJECTION]: The skill ingests a Component Manifest which serves as a potential surface for indirect prompt injection. This risk is effectively mitigated by the skill's reliance on deterministic script-based validation rather than LLM reasoning for chain correctness, along with regex filtering for subdomain names to prevent command injection during script invocation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 04:36 PM