doc-adr-autopilot

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts and Python utilities for validation and synchronization tasks. Evidence includes the invocation of ./hooks/pre_adr_generation.sh, ./hooks/post_adr_generation.sh, and Python scripts like ai_dev_ssd_flow/05_ADR/scripts/validate_adr.py and ai_dev_ssd_flow/scripts/update_traceability_matrix.py during different phases of the workflow.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted user-controlled data from upstream documents.
    * Ingestion points: Files located in docs/01_BRD/, docs/02_PRD/, docs/03_EARS/, and docs/04_BDD/.
    * Boundary markers: The skill does not define specific delimiters or instructions to the agent to disregard embedded commands in the source documents.
    * Capability inventory: The skill can read from and write to the filesystem and execute shell commands/Python scripts.
    * Sanitization: There is no evidence of content sanitization or validation performed on the text extracted from input documents before it is used to generate ADR sections.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 10:28 PM