skills/hotriluan/alkana-dashboard/fix/Gen Agent Trust Hub

fix

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash subagent to perform development tasks.
      • Evidence: SKILL.md and various workflow files (workflow-quick.md, workflow-standard.md, workflow-deep.md) instruct the agent to run commands for testing (npm test, bun test, pytest), linting (bun run lint), and building (bun run build).
      • Evidence: references/workflow-ui.md executes local Python scripts located in other skill directories: python3 .claude/skills/ui-ux-pro-max/scripts/search.py.
      • Evidence: references/workflow-ui.md suggests using ImageMagick for image editing.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external registries and GitHub services to fetch code and data.
      • Evidence: references/workflow-ci.md uses the GitHub CLI (gh run view) to fetch remote CI/CD logs.
      • Evidence: references/workflow-types.md and other workflows involve the use of package managers like npm, bun, and tsc, which typically interact with public registries.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from multiple sources.
      • Ingestion points: The skill reads CI/CD logs (references/workflow-ci.md), application logs from logs.txt (references/workflow-logs.md), and external documentation via the researcher subagent (references/workflow-deep.md).
      • Boundary markers: No explicit boundary markers or warnings to 'ignore embedded instructions' are provided when log content or research data is ingested into the agent's context.
      • Capability inventory: The agent possesses high-privilege capabilities including arbitrary shell execution (Bash), file modification/commits (git-manager), and tool orchestration.
      • Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:17 AM