bmad-code-review

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (_bmad/scripts/resolve_customization.py) located within the project directory to manage its workflow configuration, resolve overrides, and handle completion logic. It also makes extensive use of CLI tools including git and gh to retrieve code diffs, branch information, and pull request details.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) because it ingests untrusted data from external sources and processes it through various LLM subagents. While this is inherent to its purpose as a code review tool, the data is handled without specific sanitization or boundary markers.
    • Ingestion points: Untrusted data enters the workflow via git diff outputs, user-provided specification files (specs), and context documents referenced within those specs.
    • Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions when passing untrusted code/spec content to subagents like the 'Blind Hunter' or 'Acceptance Auditor'.
    • Capability inventory: The skill can perform file system writes (appending findings to story files and deferred work logs in Step 4) and execute local scripts (SKILL.md).
    • Sanitization: Absent; the skill does not implement escaping or validation for the content of the diffs or specs before they are processed by the agent layers.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 05:26 PM