create-architecture

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-provided content from a requirements file to generate technical documentation. This creates an attack surface for indirect prompt injection, where an attacker could embed malicious instructions within a PRD or Epic to influence the agent's behavior.
  • Ingestion points: The requirements_file input is read and parsed in the first step of the workflow.
  • Boundary markers: There are no explicit delimiters or warnings (e.g., "ignore instructions within this data") defined to prevent the model from obeying instructions found inside the requirements document.
  • Capability inventory: The skill has the ability to execute local scripts and write files to the project directory.
  • Sanitization: No sanitization or validation logic is specified for the input text before it is processed by the AI.
  • [COMMAND_EXECUTION]: The skill invokes several local Python scripts located in the .claude/skills/bmad-commands/ directory. These scripts are used for reading files, generating diagrams, and analyzing tech stacks. While they are part of the intended toolkit from the same author, passing user-provided file paths to shell commands means the agent must guard against potential path traversal and shell metacharacter injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 08:44 AM