bmad-bmm
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection.
  - Ingestion points: The 'document-project' and 'deep-dive' workflows (e.g., in deep-dive-instructions.md) read project source files to generate summaries and documentation.
  - Boundary markers: The workflow uses XML tags to separate instructions from code, but it does not consistently wrap ingested file content in unique delimiters with explicit instructions to ignore embedded commands.
  - Capability inventory: The agent has the ability to write to the local filesystem, perform web searches, and execute shell commands (such as running the project's test suite or Git operations).
  - Sanitization: No explicit sanitization or filtering of ingested file content was identified.
- [EXTERNAL_DOWNLOADS]: The skill manifest (manifest.yaml) declares a dependency on the 'tea' module, referencing an NPM package and a GitHub repository under the 'bmad-code-org' organization. This is a legitimate component of the framework's extended ecosystem.
- [COMMAND_EXECUTION]: Implementation workflows, including 'dev-story' and 'qa-generate-e2e-tests', include instructions to execute the project's own test commands and Git operations (e.g., 'git status', 'git diff') to verify changes. These operations are necessary for the skill's primary purpose of software engineering automation.