The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute internal scripts: 'scripts/validate-brief.sh' for document verification and 'scripts/discovery-checklist.sh' for displaying a discovery questionnaire. These scripts operate locally and do not perform network operations or access sensitive system files.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. 1. Ingestion points: User-provided responses from the discovery conversation are collected to populate the product brief. 2. Boundary markers: No delimiters or protective warnings are used when inserting user input into the 'product-brief.template.md' placeholders. 3. Capability inventory: The skill has the ability to execute bash scripts and write files to the 'bmad-output/' directory as specified in SKILL.md. 4. Sanitization: User input is not sanitized or escaped before being written to the output markdown files.

bmad-product-brief