ln-310-multi-agent-validator

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (Stories, plans, and conversation history) as primary inputs for evaluation. While the skill is intended to validate this data, the ingestion process represents an indirect prompt injection surface where malicious instructions in the artifacts could attempt to influence the coordinator or its workers.
      • Ingestion points: Input arguments storyId, plan, and context processed in Phase 1: Discovery (SKILL.md).
      • Boundary markers: Absent during the initial materialization and loading of target artifacts.
      • Capability inventory: Execution of local CLI scripts (node cli.mjs), management of background agent processes, and orchestration of multiple worker skills (ln-311 through ln-316).
      • Sanitization: No explicit sanitization or input validation logic for external data is detailed within the coordinator's ingestion logic.
  • [COMMAND_EXECUTION]: The coordinator executes shell commands via node to interact with a local evaluation runtime utility (shared/scripts/evaluation-runtime/cli.mjs). These commands are used for state management, agent registration, and recording worker results throughout the validation lifecycle (SKILL.md, Phases 0, 2, 3, 6, 8, 9).
  • [DATA_EXFILTRATION]: The skill accesses local project configuration files (e.g., .hex-skills/environment_state.json) and writes evaluation manifests and summaries to the filesystem. No evidence of unauthorized network transmission or exfiltration of sensitive data was identified during analysis.
  • [SAFE]: The skill implements automated security audits of target artifacts, specifically checking for and replacing hardcoded credentials with environment variable placeholders (Criterion #15, references/quality_validation.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 09:30 AM