design-qa

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a local utility script scripts/design-scan.sh to automate code reviews. The script is securely written, using strict error handling and proper shell quoting to mitigate command injection risks.
  • [PROMPT_INJECTION]: As the skill ingests untrusted code for analysis, it possesses an indirect prompt injection surface. Ingestion points: UI source code files specified in the globs frontmatter. Boundary markers: A strict, gate-based review framework and failure-only reporting format in SKILL.md provide significant structural constraints. Capability inventory: Execution of a local shell script and LLM-based source code review. Sanitization: The included scanner script escapes output content for its JSON reporting mode.
  • [SAFE]: No network communication, data exfiltration, or credential access mechanisms were identified. The skill is scoped to UI component auditing and operates entirely within the local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 01:50 PM