bmad-create-story

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (resolve_customization.py) and arbitrary shell commands defined in the activation_steps_prepend and activation_steps_append arrays within customize.toml or its project-specific overrides. This enables dynamic behavior based on content in configuration files.
  • [PROMPT_INJECTION]: The workflow involves an exhaustive analysis phase that ingests content from external sources such as PRDs, architecture documents, UX designs, and epic files. This presents an indirect prompt injection surface where malicious instructions embedded in these documents could influence the downstream developer agent's output.
      • Ingestion points: SKILL.md (Step 2), discover-inputs.md (Step 2).
      • Boundary markers: None identified in the provided files.
      • Capability inventory: File system read/write operations and command execution via resolve_customization.py and activation steps.
      • Sanitization: No explicit sanitization or validation of the ingested document content is performed before interpolation into the final story output.
  • [EXTERNAL_DOWNLOADS]: The skill performs web research (Step 4) to fetch information about library versions and API documentation. This is a network operation that retrieves data from external sources to influence the agent's output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 25, 2026, 04:17 PM