bmad-correct-course

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script at {project-root}/_bmad/scripts/resolve_customization.py to handle configuration merging. This execution uses fixed arguments and project-relative paths, which does not present a command injection risk.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core functionality of ingesting and analyzing untrusted project documents (PRDs, Epics, etc.).
    1. Ingestion points: Identified in the 'Input Files' and 'Discovery Process' sections of SKILL.md.
    2. Boundary markers: Absent; artifacts are loaded directly as foundational context.
    3. Capability inventory: The agent has file system read/write access and can execute specific local Python scripts.
    4. Sanitization: Content from the ingested artifacts is not sanitized before being added to the context.
    This is a known risk factor for skills that process external project data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 03:39 AM