molten-validate

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface in the 'Re-validate' mode, where it reads previously generated markdown files from the molten-docs/validate/ directory. If a prior session was manipulated to include malicious instructions in a report file, those instructions could influence the agent when the file is re-read. This risk is mitigated by the skill's specific scoring anchors and hard-coded 'Operating principles' that enforce strict behavior.
    Mandatory Evidence Chain:
      • Ingestion points: User pitches via chat and existing report files in molten-docs/validate/.
      • Boundary markers: Absent; uses standard Markdown structure.
      • Capability inventory: File system read/write access and directory creation within the workspace.
      • Sanitization: Absent; relies on the LLM's inherent instruction-following capabilities.
  • [COMMAND_EXECUTION]: The skill instructions include the use of mkdir -p molten-docs/validate to ensure the required storage directory exists. This is a benign use of shell commands for local workspace organization.
  • [DATA_EXFILTRATION]: The skill is designed to keep data within the local workspace. It writes reports to a specific subdirectory and does not utilize any network-enabled tools or protocols to send data to external domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 02:48 PM
Security Audit — agent-trust-hub — molten-validate