bmad-domain-research
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves large amounts of data from the web across multiple research steps and incorporates that data into a final document without sanitization. A malicious site could contain instructions designed to influence the agent's behavior during the synthesis phase.
  - Ingestion points: Web search results processed in step-02 through step-06 files.
  - Boundary markers: Absent; there are no instructions to the agent to ignore embedded commands in the research data.
  - Capability inventory: File system write access and execution of a local Python script.
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script located in the project root to handle configuration ('python3 {project-root}/_bmad/scripts/resolve_customization.py'). While this appears to be a standard framework utility for this author, the execution of scripts based on skill instructions is a sensitive operation that should be monitored.
Audit Metadata