Fix security vulnerabilities found during AI agent prompt audit

Remove unrestricted Bash tool access from 7 agents that only need
analytical/advisory capabilities, rewrite the Social Media Strategist
agent (was a duplicate of Twitter Engager) to cover multi-platform
strategy as intended, fix incorrect descriptions, harden webhook
example to use env vars, and clarify ambiguous AMA language.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

support/support-infrastructure-maintainer.md

@@ -289,7 +289,9 @@ LOG_FILE="/var/log/backup.log"
 RETENTION_DAYS=30
 ENCRYPTION_KEY="/etc/backup/backup.key"
 S3_BUCKET="company-backups"
-NOTIFICATION_WEBHOOK="https://hooks.slack.com/services/YOUR/WEBHOOK/URL"
+# IMPORTANT: This is a template example. Replace with your actual webhook URL before use.
+# Never commit real webhook URLs to version control.
+NOTIFICATION_WEBHOOK="${SLACK_WEBHOOK_URL:?Set SLACK_WEBHOOK_URL environment variable}"
 
 # Logging function
 log() {