The Agent Skills Directory

[External Downloads] (LOW): The SKILL.md file provides installation instructions using an untrusted external source (https://github.com/supercent-io/skills-template). While the skill does not perform downloads at runtime, this metadata points users to unverifiable third-party code.\n- [Command Execution] (SAFE): The skill uses the Bash tool to execute local scripts (init-project.sh, check-status.sh, validate-config.sh) for project setup and status reporting. These scripts rely on standard system utilities like mkdir, grep, and sed to manipulate configuration files and do not exhibit high-risk behaviors such as privilege escalation or persistence.\n- [Indirect Prompt Injection] (LOW): The skill reads project metadata and status from local YAML files (bmad/config.yaml and docs/bmm-workflow-status.yaml). It lacks boundary markers and sanitization for the content of these files, creating a surface where malicious instructions embedded in the project documentation could be parsed by the agent.\n
Ingestion points: scripts/check-status.sh and scripts/validate-config.sh read YAML config and status files.\n
Boundary markers: None found in the logic or templates.\n
Capability inventory: Access to Read, Write, Bash, Grep, and Glob tools.\n
Sanitization: No escaping or validation of external content from YAML files before processing.

bmad-orchestrator