acceptance-criteria-validate
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to parse and execute shell commands located in the '## VALIDATION COMMANDS' section of implementation plan files. Although it includes instructions to avoid destructive operations, this mechanism allows for arbitrary command execution driven by file content.
- Evidence: Step 2 'Run validation commands' instructs the agent to run commands found in the plan file's validation section.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by ingesting and acting upon instructions found in external, potentially untrusted markdown files.
- Ingestion points: Reads plan files (e.g., '.agents/plans/*.md'), 'acceptance_criteria.md', and user request messages to determine validation logic.
- Boundary markers: No specific delimiters or safety instructions are defined to separate ingested data from agent instructions.
- Capability inventory: The agent has extensive capabilities including reading any file in the codebase, executing shell commands, and writing files to the '.agents/acceptance-validations/' directory.
- Sanitization: No sanitization or validation of the content found in the plan files or criteria documents is performed before it is used to drive the agent's logic.
Audit Metadata