bmad-testarch-nfr

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by ingesting untrusted external artifacts such as technical specifications, product requirements, and test design documents.
      • Ingestion points: step-01-load-context.md loads tech-spec.md, PRD.md, and other project artifacts into the agent's context.
      • Boundary markers: The workflow lacks explicit delimiters or instructions for the agent to ignore potentially malicious embedded commands within these external documents.
      • Capability inventory: The skill has high privileges, including terminal command execution (python3, playwright-cli), file writing via write_file, and the ability to dispatch autonomous subagents (step-04-evaluate-and-score.md).
      • Sanitization: No sanitization logic is implemented for external content before it is used to drive the assessment logic.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands to function correctly, which is consistent with its role as an automated assessment tool.
      • Project Scripts: It executes python3 scripts located in the project root (_bmad/scripts/resolve_customization.py) to manage configuration overrides and workflow terminal hooks (SKILL.md, step-05-generate-report.md).
      • Evidence Gathering: The agent is instructed to use playwright-cli to perform live network inspection and capture evidence from target URLs (step-03-gather-evidence.md).
      • Context: These executions are documented as core functionalities for evidence-based validation of performance and security requirements.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 05:56 AM