doc-adr-autopilot

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard shell utilities including find, grep, and ls to locate and analyze local documentation files within the project's docs/ directory. These operations are essential for its function as an automation pipeline and are restricted to the local filesystem.
  • [REMOTE_CODE_EXECUTION]: The workflow involves executing a local Python script (validate_adr.py) and a traceability matrix update script located within the ai_dev_ssd_flow/ directory. These are project-internal resources, and no evidence of remote script downloading or execution (e.g., via curl | bash) was found.
  • [DATA_EXFILTRATION]: The tool processes local documentation artifacts (BRD, PRD, EARS, BDD) to generate new records. It does not perform network operations, and no attempts to access sensitive system paths (such as SSH keys or environment secrets) were detected.
  • [PROMPT_INJECTION]: The instructions are focused on structured document generation, orchestration of sub-skills, and validation rules. There are no patterns indicative of attempts to bypass safety filters or override agent constraints.
  • [PROMPT_INJECTION] (Indirect): The skill possesses an indirect prompt injection surface, as it ingests untrusted data from project documents to generate ADR content.
      • Ingestion points: Reads content from docs/01_BRD/, docs/02_PRD/, docs/03_EARS/, and docs/04_BDD/.
      • Boundary markers: The skill does not specify the use of delimiters or instructions to ignore embedded prompts in the source documents.
      • Capability inventory: The skill can write files to the docs/05_ADR/ directory and execute local shell commands.
      • Sanitization: No explicit sanitization or filtering of extracted content is defined.
    This risk is considered inherent to the tool's primary purpose of document analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 04:25 AM
Security Audit — agent-trust-hub — doc-adr-autopilot