The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute ecosystem-standard build, lint, and test commands (such as npm run build, pytest, cargo check, and mvn compile). These operations are essential to its primary function and follow industry-standard patterns for automated code auditing.
[DATA_EXFILTRATION]: The skill is configured to write its markdown reports and JSON summaries to project-relative paths (specifically within the .hex-skills/runtime-artifacts/ directory). No patterns indicating the exfiltration of sensitive data to external domains were detected.
[PROMPT_INJECTION]: The skill instructions use standard guiding language and priority markers (e.g., "MANDATORY READ", "CRITICAL") to ensure the agent adheres to its auditing contract. These instructions do not attempt to bypass agent safety filters or override system constraints.
[INDIRECT_PROMPT_INJECTION]: The skill processes output from external build and lint tools (stdout/stderr). While this constitutes an ingestion point for untrusted data from the analyzed codebase, the skill's workflow is focused on reporting and scoring, minimizing the risk of the agent following instructions embedded in tool error messages.
[DYNAMIC_EXECUTION]: The skill's primary purpose involves triggering builds and tests, which may involve compiling and executing code from the target repository. This behavior is expected for a build health auditor and is managed through established development tools.

ln-622-build-auditor