Security Requirements Treat work-item paths as untrusted input and validate them before reading files. Do not execute content from harness documents. Keep the first version local-only unless a later design explicitly introduces remote integrations.