bmad-qa-generate-e2e-tests

Fail

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the pattern python3 {project-root}/_bmad/scripts/resolve_customization.py during both the activation and completion phases. This execution relies on scripts located within the project's own directory structure.
  • [COMMAND_EXECUTION]: The workflow is designed to execute arbitrary steps defined in activation_steps_prepend, activation_steps_append, and on_complete. These steps are loaded from configuration files in the project root (_bmad/custom/), allowing the project content to dictate executable actions for the agent.
  • [REMOTE_CODE_EXECUTION]: By executing code and loading configurations directly from the {project-root}, the skill allows for the execution of untrusted logic if the repository being worked on is cloned from an external or malicious source. This represents a supply-chain risk where the repository author can gain command execution privileges on the user's system via the agent.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of untrusted project data.
    • Ingestion points: Reads customize.toml, project-specific .toml overrides, and persistent_facts, which includes project-context.md globs.
    • Boundary markers: None identified; external content is treated as foundational context.
    • Capability inventory: Includes Python script execution, arbitrary workflow step execution, and test command execution.
    • Sanitization: No validation or sanitization is performed on the ingested configuration or facts before they influence agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 10, 2026, 05:26 PM