ln-220-story-coordinator
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external task trackers (Epic descriptions and success criteria) during Phase 1. This creates a surface for indirect prompt injection where a malicious Epic could attempt to influence the agent's story decomposition.
- Ingestion points: Epic data is resolved via the configured tracker provider (Linear/GitHub/File) in Phase 1 (SKILL.md).
- Boundary markers: The skill does not explicitly define markers to isolate ingested Epic data in the planning prompts.
- Capability inventory: The skill can execute local Node.js management scripts, delegate to worker skills via Skill invocation, and perform mutations via tracker provider tools (references/scripts/planning-worker-runtime/cli.mjs).
- Sanitization: Verification is limited to validateTemplateCompliance, which checks for mandatory section headers in Markdown but does not perform content sanitization (references/scripts/planning-runtime/lib/template-compliance.mjs).
- [COMMAND_EXECUTION]: The skill executes local management scripts under references/scripts/ to handle state transitions and record checkpoints. These operations are strictly limited to the project's .hex-skills/ directory and are part of the standard runtime framework.