The Agent Skills Directory

[PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it is designed to discover and ingest untrusted project documentation into the agent context.\n
Ingestion points: step-01-init.md identifies and loads documents (PRDs, briefs, project context) from multiple local directories including {product_knowledge} and {project-root}/docs.\n
Boundary markers: The workflow lacks explicit boundary markers or 'ignore' instructions for the agent when processing these external documents.\n
Capability inventory: The skill possesses capabilities for shell command execution (via python3), file system modification (writing .md and .html files), and invocation of other bmad-* skills.\n
Sanitization: Content from discovered documents is loaded without validation or sanitization.\n- [COMMAND_EXECUTION]: The skill executes local Python scripts (resolve_customization.py) to manage customization and workflow completion as seen in SKILL.md and step-14-complete.md. These scripts are located in the project's _bmad/scripts/ directory and are part of the vendor's internal architecture.\n- [COMMAND_EXECUTION]: The workflow involves generating interactive HTML files (ux-color-themes.html and ux-design-directions.html) to visualize design decisions. This constitutes dynamic generation of UI code based on project context, which is a standard feature for this skill type.

bmad-create-ux-design