bmad-story-pipeline-worktree

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
Finding category: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple git and filesystem commands using the ${STORY_ID} variable, which is derived from user arguments or internal status files. Because this input is not validated, an identifier containing shell metacharacters presents a command injection risk.
  • [COMMAND_EXECUTION]: The skill implements an automated pipeline in Phase 2 that executes a sequence of commands from references/workflow-steps.md via a general-purpose sub-agent. These commands use a 'yolo' flag to bypass human-in-the-loop approval, which could be exploited to run destructive commands if the configuration or input is compromised.
  • [COMMAND_EXECUTION]: The skill performs automated git operations including git worktree add, git commit, and git merge in the local repository environment.
  • [COMMAND_EXECUTION]: The skill uses the Edit tool to programmatically modify project metadata files (sprint-status.yaml and implementation artifacts) based on the outcome of the automated pipeline execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 06:21 AM