skills/smithery/ai/frontend-ui-ux/Gen Agent Trust Hub

frontend-ui-ux

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill passes raw {{ARGUMENTS}} directly to a sub-agent (oh-my-claudecode:designer) or a Gemini MCP tool. Because these destinations have code-writing capabilities, malicious input could bypass the initial agent's constraints and execute unauthorized actions.
      • Ingestion points: The {{ARGUMENTS}} variable in SKILL.md used for routing tasks.
      • Boundary markers: None. The input is interpolated directly into the task prompt without delimiters or 'ignore' instructions.
      • Capability inventory: The destination agent is explicitly tasked with 'Component design and implementation', which involves file-system modifications and code generation.
      • Sanitization: None. There is no evidence of input validation or escaping before the data is passed downstream.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:59 AM