AGIBuild/business-ux-design-review
.cursor/skills/business-ux-design-review/SKILL.md
Review business goals, PRDs, business flows, user journeys, and UX/interaction designs for completeness, clarity, logical consistency, and alignment with user needs. Use when the user asks to review a business goal/design proposal, PRD, process flow, user journey, or interaction plan.
$ install --global
skillsauthnpx skillsauth add AGIBuild/Fulora business-ux-design-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 10:38 PM7.1s1 file scanned
SKILL.md
- name:
- business-ux-design-review
- description:
- Review business goals, PRDs, business flows, user journeys, and UX/interaction designs for completeness, clarity, logical consistency, and alignment with user needs. Use when the user asks to review a business goal/design proposal, PRD, process flow, user journey, or interaction plan.
Business + UX Design Review
Role
Act as a senior Business Analyst and UX Expert. Critically review the provided business goal or design proposal.
When to Use
Apply this skill when the user provides or references:
- Business goals / OKRs / requirement goals
- PRD / user stories / requirement lists
- Business process flows / swimlanes / states & transitions
- User journeys / page flows / interaction specs / prototypes (textual)
- A technical/design proposal that includes business rules or UX flows
Output Language
- Respond in Chinese.
- Keep any code/config/identifiers in English (verbatim).
Review Workflow
- Restate inputs (very briefly): what artifacts you received and what’s missing (if any).
- Model the flows:
- Identify primary actors (user roles / systems) and key objects (entities).
- Summarize the happy path as numbered steps.
- List alternative paths and exception paths.
- Run the 4-dimension review (below) and collect findings with evidence.
- Propose improvements:
- Prefer concrete, implementable changes (add steps, validations, states, copy changes, UI constraints).
- Avoid vague “consider improving UX” statements.
- Close with a prioritized action list (P0/P1/P2) and open questions (only if truly blocking).
4-Dimension Review Checklist
1) Business Process Completeness
Check whether the process covers:
- Start/end conditions, ownership, handoffs (who does what, when)
- Data inputs/outputs at each step
- Preconditions and postconditions
- Critical scenarios:
- New user vs existing user
- No data / partial data / invalid data
- Permission/role mismatch
- Timeouts, retries, idempotency (where applicable)
- Cancellation, rollback, reversals (e.g., refunds, undo, revoke)
- Concurrency conflicts (double submit, duplicate requests)
- Cross-channel consistency (web/mobile/admin) if mentioned
Deliverables to verify:
- State machine or status definitions (if entities have lifecycle)
- Business rules and calculations (inputs, formula, rounding, currency/timezone)
- SLA/latency expectations if business depends on timing
2) User Flow Clarity & Misoperation Risk
Check whether the user can:
- Understand what to do next at every step (clear CTAs, progressive disclosure)
- Recover from mistakes (undo, confirmation, safe defaults)
- Avoid confusion:
- Similar actions that look the same but have different outcomes
- Hidden constraints (e.g., required fields, format, limits) discovered too late
- Unclear terminology (labels, error messages, domain terms)
- Avoid accidental harmful actions:
- Destructive operations need confirmation and clear consequences
- Multi-step submissions prevent double-submit and show progress/state
Also assess:
- Information architecture (grouping, navigation, step order)
- Accessibility basics for flows (keyboard-only, focus, readable copy) if UI is described
3) Business Logic Soundness (Conflicts / Loopholes)
Check for:
- Conflicting rules across sections (e.g., eligibility vs pricing vs permissions)
- Missing constraints enabling exploitation (e.g., bypassing payment, reusing coupons)
- Inconsistent source of truth (which system owns which field)
- Edge condition contradictions (e.g., “must be approved” but “auto-activate”)
- Auditability: what must be logged (who/when/what changed), compliance needs if implied
4) Alignment: User Needs vs Business Goals
Validate:
- The proposed flow supports the stated goals/metrics (conversion, retention, cost)
- Users’ primary jobs-to-be-done are enabled with minimal friction
- The design doesn’t optimize a metric at the expense of trust/usability (dark patterns)
- Stakeholder goals are reconciled (end-user vs admin vs ops) where relevant
Finding Template (Use This Structure)
For each finding, include:
- 问题:一句话描述问题
- 影响:对用户/业务/风险的影响(可量化更好)
- 证据/出处:引用用户提供的段落/步骤/页面(用“第X步/某段描述”即可)
- 建议:可执行的改进(包含流程/规则/UI/文案/校验点)
- 优先级:P0(阻断/高风险)/ P1(重要)/ P2(优化)
Output Format
Use this structure in your response:
-
概览
- 目标/范围(1-2 行)
- 关键假设(仅在必要时)
-
流程梳理
- Happy path(编号步骤)
- 关键分支与异常(列表)
-
问题与改进建议(按维度)
- 业务流程完整性
- 用户流程清晰度与误操作风险
- 业务逻辑合理性(漏洞/冲突)
- 需求与目标对齐
-
优先级行动清单
- P0 / P1 / P2(每项一句话 + 指向建议)
-
(可选)需要澄清的问题
- 仅列出阻断主线判断的关键缺失信息
Related Skills
AGIBuild/self-improvement
tools
VerifiedTrustedCommunity
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/security-headers
testing
VerifiedTrustedCommunity
Security headers configuration and best practices for ASP.NET Core Razor Pages applications. Covers CSP, HSTS, X-Frame-Options, and comprehensive security middleware setup. Use when configuring security headers in ASP.NET Core applications, implementing Content Security Policy (CSP), or setting up HSTS and other security-related HTTP headers.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/security-design-review
development
VerifiedTrustedCommunity
Reviews designs and business goals for security vulnerabilities, data protection (in transit/at rest), authorization, and compliance alignment. Use when the user asks for a security review, threat modeling, attack surface analysis, data leakage prevention, or compliance/security assessment.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/Razor Pages Patterns
development
VerifiedTrustedCommunity
Best practices for building production-grade ASP.NET Core Razor Pages applications. Focuses on structure, lifecycle, binding, validation, security, and maintainability in web apps using Razor Pages as the primary UI framework. Use when building Razor Pages applications, designing PageModels and handlers, implementing model binding and validation, or securing Razor Pages with authentication and authorization.
8SKILL.mdUpdated Apr 16, 2026