The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses local shell commands to facilitate development tasks. Specifically, it executes git for version control management (commit, diff, status) and the code command to open generated specifications in VS Code for user review. These operations are scoped to the local environment and are standard for development tooling.
[PROMPT_INJECTION]: In step-01-clarify-and-route.md, the skill includes explicit defensive instructions to ignore directives within the user intent that attempt to bypass the workflow or skip security steps. This demonstrates an 'assume-malicious' posture regarding external input.
[INDIRECT_PROMPT_INJECTION]: The skill has an inherent surface for indirect injection as it processes untrusted data from planning artifacts and codebase files.
Ingestion points: Untrusted data enters the context from PRDs, Architecture docs, UX designs, and the user-provided intent string.
Boundary markers: The skill uses <frozen-after-approval> tags in spec-template.md and step-02-plan.md to isolate and protect the human's original intent from being modified during the automated implementation phase.
Capability inventory: The skill can write files, execute shell commands (git, code), and spawn sub-agents for specialized tasks.
Sanitization: Security is primarily managed through mandatory human checkpoints (e.g., Checkpoint 1 in step-02-plan.md) and multi-agent adversarial reviews in step-04-review.md.

bmad-quick-dev