NYC

design-good

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill explicitly instructs the agent to execute shell commands using python3 to run scripts located in $HOME/.claude/skills/ui-ux-pro-max/scripts/search.py. This assumes the presence and safety of an external skill that is not part of the trusted list. If that skill is compromised or the path is manipulated, it leads to arbitrary code execution.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
      ◦ Ingestion points: Untrusted data enters via the $ARGUMENTS variable in SKILL.md within the <tasks> tags.
      ◦ Boundary markers: The content is wrapped in XML-like tags (<tasks>), but there are no instructions for the agent to ignore embedded commands or treat the content as data only.
      ◦ Capability inventory: The skill has the capability to execute subprocesses (python3 scripts) and write to the local file system (./docs/design-guidelines.md).
      ◦ Sanitization: There is no evidence of input validation or sanitization before passing these tasks to subagents or using them to drive script execution.
  • PROMPT_INJECTION (LOW): The skill uses behavioral framing ('ALWAYS REMEMBER that you have the skills of a top-tier UI/UX Designer') which, while benign here, reflects a pattern of using instructions to override default agent persona constraints.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:39 AM