The Agent Skills Directory

[SAFE]: The skill operates entirely on local project files within the 'docs/' directory. It identifies ADR files and validates their internal references and metadata without external connectivity.- [COMMAND_EXECUTION]: Uses standard shell commands including grep, sed, jq, and ls to parse ADR frontmatter and update the project manifest. These operations are restricted to the intended functional scope and do not involve shell injection vulnerabilities.- [DATA_EXPOSURE]: Access is limited to documentation files. No sensitive files (e.g., SSH keys, AWS credentials) or environment variables are accessed or exposed.- [INDIRECT_PROMPT_INJECTION]: While the skill ingests content from Markdown files (docs/adrs/*.md), the extraction logic uses fixed patterns via grep and sed. Data is handled as strings and passed to jq using the --arg flag, which prevents content from being interpreted as code or changing the command structure. The risk of indirect injection is negligible in this context.

blueprint-adr-validate