bmad-create-prd
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script (_bmad/scripts/resolve_customization.py) during initialization and at the end of the workflow to manage configuration settings. These operations are restricted to the local environment and the vendor's own script infrastructure.
- [COMMAND_EXECUTION]: The workflow includes an on_complete hook that executes a command defined in the user's local configuration. This is a standard extensibility pattern for development tools and is gated by local configuration files.
- [DATA_EXPOSURE]: The skill implements a 'discovery' phase that reads local project files (such as product briefs, research notes, and project context) to inform the PRD content. This data remains within the local agent context and is not exfiltrated.
- [PROMPT_INJECTION]: The skill uses a disciplined 'step-file architecture' with clear instructions to process one file at a time, which helps maintain operational integrity and prevents sequence bypassing.
- [SAFE]: All external skill invocations (Advanced Elicitation, Party Mode) and data lookups (CSV files) are part of the intended product management facilitation logic provided by the vendor 'bmad-labs'.
Audit Metadata