NYC

bmad

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes npx bmad-method install to provision its environment. This command fetches the bmad-method package directly from the npm registry.
      • Evidence: npx bmad-method install commands in SKILL.md (Step 1 and Example 2).
  • REMOTE_CODE_EXECUTION (MEDIUM): Using npx with a package from an untrusted organization (bmad-code-org) allows for the execution of arbitrary scripts on the user's system during the installation process.
      • Evidence: The installation steps in SKILL.md require executing non-standard tooling via npx.
  • COMMAND_EXECUTION (LOW): The skill requires a variety of powerful system tools including Bash, Write, and Edit to function. These capabilities are expected for a development framework but increase the impact if the installation package is malicious.
      • Evidence: allowed-tools section in SKILL.md frontmatter.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes external project artifacts (PRDs, Tech Specs) to drive its multi-agent orchestration, creating a surface for potential instruction injection.
      • Ingestion points: SKILL.md defines workflows like /prd and /tech-spec that process untrusted project data.
      • Boundary markers: Absent; no specific delimiters or instruction-ignore warnings are defined for the processed data.
      • Capability inventory: Bash, Write, Edit, and npx are available within the skill context.
      • Sanitization: Absent; there is no mention of input validation or sanitization for project files before they are processed by agents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 07:33 AM