The Agent Skills Directory

[COMMAND_EXECUTION]: Uses the Bash tool to execute local utility scripts (generate-story-id.sh and scope-conflict-check.sh) for administrative tasks like generating story IDs and checking for file-scope overlaps. These operations are limited to project-specific files within the user-defined workspace.
[PROMPT_INJECTION]: The skill processes untrusted external data (PRDs, architecture documents) to generate stories, creating a surface for indirect prompt injection. 1. Ingestion points: prd.md, architecture.md, and other files in the bmad-output directory. 2. Boundary markers: No explicit delimiters are used during initial file ingestion, though subagent prompts use structured headers. 3. Capability inventory: The skill can read/write files and execute local bash scripts. 4. Sanitization: No sanitization is performed on documentation content before it is processed. However, the risk is mitigated by the skill's primary focus on generating human-readable planning artifacts rather than executable code.

bmad-epics-and-stories