ln-200-scope-decomposer

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses a set of internal Node.js scripts (located in references/scripts/) to manage project state and workflow transitions. Analysis of these scripts confirms they rely on standard Node.js modules (node:fs, node:path, node:crypto) and do not perform any external network requests or download untrusted code.
  • [COMMAND_EXECUTION]: The SKILL.md instructions define specific shell command templates for the agent to execute (e.g., node references/scripts/.../cli.mjs). These commands are used strictly for local state management. The scripts use the parseArgs utility and implement internal sanitization (such as the safeIdentifier function) to ensure that arguments used in file paths or logic are constrained to safe alphanumeric patterns.
  • [DATA_EXPOSURE]: The skill manages runtime artifacts within the .hex-skills/ directory. The resolveArtifactWritePath function in references/scripts/coordinator-runtime/lib/artifacts.mjs provides a security boundary by verifying that artifacts are not written to the project root or via path traversal techniques.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines a workflow that processes project documentation (e.g., requirements.md, architecture.md). While this represents a potential ingestion surface for untrusted data, the orchestrator minimizes risk by delegating the actual reading and processing to subordinate skills (ln-210, ln-220) rather than interpolating raw document content directly into its own top-level prompts. Furthermore, all state data exchanged between components is validated against strict JSON schemas defined in references/scripts/coordinator-runtime/lib/schemas.mjs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 08:28 PM