bmad-correct-course

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script {project-root}/_bmad/scripts/resolve_customization.py during multiple phases of its workflow to handle configuration merging and resolution.
  • [COMMAND_EXECUTION]: The workflow is designed to dynamically execute commands specified in configuration fields such as activation_steps_prepend, activation_steps_append, and on_complete. These fields can be populated by project-local .toml files, enabling the execution of arbitrary instructions by the agent based on local configuration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by performing a FULL_LOAD of numerous project documents (PRD, Epics, Architecture, UX, Specs) and other files matching the **/project-context.md glob. Maliciously crafted content in these files could potentially manipulate the agent's behavior, particularly given its ability to run shell commands.
    • Ingestion points: Multiple Markdown files are loaded from the project directory based on wildcard patterns defined in SKILL.md and customize.toml.
    • Capability inventory: The agent can execute shell commands via python3 and is instructed to treat specific configuration strings as terminal commands.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when ingesting these files.
    • Sanitization: The skill does not perform any sanitization or verification of the content loaded from the project artifacts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 10, 2026, 05:26 PM