bmad-agent-pm

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to execute a script at {project-root}/_bmad/scripts/resolve_customization.py using the uv run command immediately upon activation. This behavior creates a security dependency on the integrity of scripts within the user's project directory, which could be compromised in collaborative or untrusted environments.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by recursively searching for and loading all files named project-context.md within the project root. The content of these files is adopted as foundational reference for the agent's behavior without sanitization.
    • Ingestion points: {project-root}/_bmad/bmm/config.yaml and {project-root}/**/project-context.md as specified in SKILL.md.
    • Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present.
    • Capability inventory: The skill can execute shell commands via uv run and dispatch calls to other registered skills.
    • Sanitization: The skill does not perform any validation or filtering on the content loaded from the project directory.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 21, 2026, 03:02 AM