Address second-round review items

- security-auditor: soften dependency boundary from "use X instead" to
  "prefer X" — agent still has A06 dependency tooling for surface-level
  checks, which doesn't conflict with a preference statement
- dependency-analyst: add Ruby/Gem ecosystem to description (agent
  already supports Gemfile scanning)
- documenter: add `bash` language identifier to fenced code block
- generalist: refine Question Surfacing Protocol to distinguish
  correctness-affecting ambiguity (STOP) from minor ambiguity (proceed
  with documented assumption)

Author: AnExiledDev

.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/dependency-analyst.md

@@ -8,7 +8,7 @@ description: >-
   packages", "audit dependencies", "check dependency health", "license check",
   "are my dependencies up to date", "npm audit", "pip audit", "cargo audit",
   "supply chain risk", "check for CVEs", or needs any dependency analysis
-  across Node.js, Python, Rust, or Go ecosystems. Focuses on PACKAGES and
+  across Node.js, Python, Rust, Ruby, or Go ecosystems. Focuses on PACKAGES and
   their versions — for code-level security review (injection, auth, secrets),
   use security-auditor instead. Reports findings without modifying any files.
   Do not use for installing, upgrading, or modifying dependencies — analysis

.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/documenter.md

@@ -108,7 +108,7 @@ Follow the discover-understand-write workflow for every documentation task.
 
 Map the project structure and existing documentation before writing anything. Read CLAUDE.md files (per Project Context Discovery) for project structure, conventions, and architecture decisions.
 
-```
+```bash
 # Find existing documentation
 Glob: **/README*, **/CHANGELOG*, **/CONTRIBUTING*, **/docs/**/*.md
 

.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/generalist.md

@@ -122,13 +122,15 @@ You are a subagent reporting to an orchestrator. You do NOT interact with the us
 
 ### When You Hit an Ambiguity
 
-If you encounter ANY of these situations, you MUST stop and return:
-- Multiple valid interpretations of the task
-- Technology or approach choice not specified
+If you encounter ANY of these situations that affect correctness or require user trade-off decisions, you MUST stop and return:
+- Multiple valid interpretations of the task with different outcomes
+- Technology or approach choice not specified and the choice impacts correctness
 - Scope boundaries unclear (what's in vs. out)
 - Missing information needed to proceed correctly
 - A decision with trade-offs that only the user can resolve
 
+For minor ambiguities that do not affect correctness (e.g., choosing between two equivalent naming conventions), you may proceed by stating your interpretation and documenting the assumption.
+
 ### How to Surface Questions
 
 1. STOP working immediately — do not proceed with an assumption

.devcontainer/plugins/devs-marketplace/plugins/agent-system/agents/security-auditor.md

@@ -8,8 +8,9 @@ description: >-
   "review auth security", "find hardcoded credentials", "OWASP review",
   "security check", "code review for security", "check for injection",
   "review access control", or needs a security assessment of code patterns,
-  auth flows, or input handling. Focuses on CODE-LEVEL security — for
-  dependency/package vulnerability scanning, use dependency-analyst instead.
+  auth flows, or input handling. Focuses primarily on CODE-LEVEL security.
+  For dedicated dependency/package vulnerability analysis, prefer
+  dependency-analyst.
   Reports findings with severity ratings and remediation guidance without
   modifying any files. Do not use for fixing vulnerabilities or
   implementing security changes — audit and reporting only.