team-frontend

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. User input provided as task descriptions is directly incorporated into the task subjects and context provided to sub-agents (analyst, architect, developer, and QA). This allows for potential manipulation of sub-agent behavior through crafted user requirements.
    • Ingestion points: User input from CLI arguments is captured in roles/coordinator/role.md and forwarded to worker agents via TaskCreate calls in roles/coordinator/commands/dispatch.md.
    • Boundary markers: The system lacks explicit delimiters or instructions for agents to ignore instructions embedded within the user-provided requirement text.
    • Capability inventory: The skill maintains access to tools such as Bash, Write, WebSearch, and WebFetch across its various roles.
    • Sanitization: The skill does not perform validation or escaping of external requirement text before it is used to populate agent prompts.
  • [COMMAND_EXECUTION]: The coordinator role executes shell commands using the Bash tool to manage the workspace and project structure, specifically for directory creation and path resolution. While these actions are intended for system coordination, the broad access to the shell environment is a significant capability.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and analyst role logic reference an external dependency (ui-ux-pro-max-skill) as a recommended plugin for full feature support. This identifies a dependency on external code or configuration from a source outside the core skill package.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 04:03 AM