bmad-readiness-check

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled shell script (scripts/readiness-check.sh) to automate artifact discovery and keyword-based quality checks.
      ◦ Evidence: The skill calls bash "${CLAUDE_PLUGIN_ROOT}/skills/bmad-readiness-check/scripts/readiness-check.sh" <output-folder> to identify planning files.
      ◦ Context: The script is part of the skill package and uses standard utilities such as find and grep to scan the project directory for requirements and architecture documentation. No remote commands or arbitrary code execution from external sources were found.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface because it ingests untrusted data from user-provided planning artifacts.
      ◦ Ingestion points: Markdown files (PRD, architecture documents, epics) located in the user-specified directory are read into the agent's context during Step 2 of the workflow.
      ◦ Boundary markers: Absent; the content is parsed directly for requirements and architectural patterns.
      ◦ Capability inventory: Bash (bundled script), Write (report generation), Read, and TodoWrite tools.
      ◦ Sanitization: Absent; however, the skill's logic is constrained to extracting specific structural elements (e.g., requirement labels such as FR-001) rather than following instructions found within the analyzed documents.
  • [DATA_EXFILTRATION]: No network access or data exfiltration patterns were detected. The skill reads local project files and writes a summary report back to the local filesystem.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 20, 2026, 12:30 PM
Security Audit — agent-trust-hub — bmad-readiness-check