The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a local Python script resolve_customization.py located at {project-root}/_bmad/scripts/ during the activation phase to merge configuration files. This script is external to the skill's own directory.- [COMMAND_EXECUTION]: Multiple steps (3 through 12) utilize a 'Task tool' to 'spawn a subprocess' for specific validation tasks, such as measurability, density, and traceability checks. These operations involve running sub-tasks based on prompts generated at runtime.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It discovers and loads untrusted PRD documents and input files in step-v-01-discovery.md. This content is then interpolated into the agent's context and into the prompts used for analysis subprocesses in subsequent steps. There are no boundary markers or explicit sanitization routines to prevent malicious instructions embedded in the analyzed documents from influencing the agent's behavior.
Ingestion points: Untrusted document content is loaded from user-specified PRD files and linked input documents in step-v-01-discovery.md.
Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the source documents.
Capability inventory: The skill has capabilities to read and write files (for validation reports) and execute commands (the vendor Python script and the task tool subprocesses).
Sanitization: Absent; the document content is processed directly for pattern matching and analysis.

bmad-validate-prd