team-uidesign
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill features a significant indirect prompt injection surface due to its multi-agent orchestration logic. Untrusted data from project files (e.g., package.json, source code) and external design intelligence is ingested by the researcher and then passed through a chain of roles (designer, reviewer, implementer) to influence their actions.
  - Ingestion points: The researcher role scans the project codebase using Glob and Grep tools and retrieves external data via the 'ui-ux-pro-max' skill. The coordinator role processes these outputs and worker messages to advance the pipeline.
  - Boundary markers: The skill uses structural task headers like 'PURPOSE' and 'TASK', but it lacks explicit 'ignore embedded instructions' markers or secure delimiters to protect against malicious instructions contained within the analyzed files.
  - Capability inventory: The system has high-privilege capabilities including Bash, Agent (for background sub-agent spawning), and WebFetch.
  - Sanitization: There is no evidence of sanitization or validation for external data before it is interpolated into subsequent agent prompts or used in control logic.
- [PROMPT_INJECTION]: The coordinator role directly interpolates user-provided requirements into the prompts of spawned sub-agents. A malicious user could provide a crafted requirement designed to override the sub-agent's role-specific instructions.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for environment setup, session directory management, and executing CLI tools. The use of shell commands with dynamically generated session paths and task metadata presents a risk if these inputs are not strictly controlled.
- [EXTERNAL_DOWNLOADS]: The researcher role relies on calling an external skill, 'ui-ux-pro-max', to fetch industry-specific design guidelines. This introduces a dependency on external content that influences the downstream designer and implementer roles.
Audit Metadata