# Can PM Skills Execute External Tools?

> Discover if PM Skills can execute external tools. Learn how this catalog of PM workflows integrates with AI assistants, while the host platform manages tool execution.

- Repository: [Pawel Huryn/pm-skills](https://github.com/phuryn/pm-skills)
- Tags: deep-dive
- Published: 2026-06-19

---

**PM Skills cannot directly execute external tools; it is a catalog of declarative Markdown definitions that describes product‑management workflows for AI coding assistants, while the host platform (Claude, Gemini, etc.) handles the actual invocation of any external utilities.**

PM Skills is a specialized repository containing skills, commands, and plugin manifests written in Markdown. While it provides structured workflows for AI coding assistants, the repository itself contains **no runtime execution engine** capable of launching external programs or shell commands.

## What Is PM Skills?

PM Skills serves as a **declarative catalog** of product‑management workflows designed for AI assistants like Claude, Gemini CLI, and Cursor. The repository organizes these workflows as Markdown files—defining skills, commands, and plugin manifests—rather than executable scripts. According to the source code in [`CLAUDE.md`](https://github.com/phuryn/pm-skills/blob/main/CLAUDE.md), the project follows a strict design philosophy where commands function as descriptive verbs rather than execution mechanisms.

## Why PM Skills Cannot Execute External Tools

### No Runtime Code or Subprocess Calls

A comprehensive search of the entire codebase reveals **zero occurrences** of `subprocess`, `os.system`, `sh`, or any other mechanism that spawns child processes. The repository contains no runtime code capable of launching external binaries. The only Python script, [`validate_plugins.py`](https://github.com/phuryn/pm-skills/blob/main/validate_plugins.py), functions strictly as a **static validator** that checks JSON manifest integrity and front‑matter syntax without ever invoking external programs.

### Commands as Declarative Verbs

The architectural design explicitly prohibits execution. In [`CLAUDE.md`](https://github.com/phuryn/pm-skills/blob/main/CLAUDE.md), the core design rule states that *"Commands use a single `$ARGUMENTS` placeholder. Skills need no placeholders (they read context from the conversation)."* This structure confirms that commands are **interpreted by the host AI platform**, not executed by the repository itself. The Markdown files provide blueprints that tell the AI what steps to perform, but they contain no logic to run those steps directly.

## How External Tool Orchestration Actually Works

While PM Skills cannot execute tools, it can **orchestrate** them through documentation. Consider the `/ship-check` command defined in [`pm-ai-shipping/commands/ship-check.md`](https://github.com/phuryn/pm-skills/blob/main/pm-ai-shipping/commands/ship-check.md). This command *coordinates* specialist sub‑commands like `/document-app` and `/security-audit-static` to produce a final shipping artifact. However, the Markdown file only documents the sequence:

```markdown
---
description: Turn a vibe‑coded repo into a reviewer‑ready shipping packet …
argument-hint: "<repo path or area; defaults to the whole repository>"
---
/ship-check …

```

The actual execution of `/document-app`, `/security-audit-static`, or any external audit tool happens within the **surrounding AI environment** (Claude Desktop, Gemini CLI, etc.), not inside the PM Skills repository. The repository provides the recipe; the host platform provides the kitchen.

## Code Evidence of Non‑Execution

The static nature of the codebase is evident in the validator script:

```python

# validate_plugins.py (conceptual representation)

def main():
    # Loads JSON manifests, checks required fields, validates front‑matter.

    # No call to subprocess or os.system.

    pass

```

Similarly, command definitions contain only declarative metadata:

```markdown

# Located in pm-ai-shipping/commands/ship-check.md

# This file documents workflow steps but contains no executable code

# to run external security scanners or documentation generators.

```

## Summary

- **PM Skills** is a **declarative Markdown catalog**, not a runtime execution environment.
- The repository contains **zero subprocess calls** or system invocation mechanisms.
- **Commands** are descriptive verbs interpreted by host AI platforms (Claude, Gemini, Cursor), not executors.
- **External tool orchestration** is delegated to the host environment; PM Skills only provides the workflow definition.
- The [`validate_plugins.py`](https://github.com/phuryn/pm-skills/blob/main/validate_plugins.py) script performs static validation only, checking manifest syntax without spawning external processes.

## Frequently Asked Questions

### Can PM Skills run shell commands or scripts?

No. PM Skills contains no runtime code capable of executing shell commands. The repository consists entirely of Markdown documentation and JSON manifests that describe workflows. Any shell execution must be performed by the AI assistant or IDE that consumes these definitions.

### How does PM Skills interact with external tools like security scanners?

PM Skills **documents** the interaction but does not perform it. For example, a command like `/security-audit-static` is defined in a Markdown file that describes what the AI should do, but the actual execution of the security scanning tool occurs in the host AI's environment (such as Claude Desktop or Gemini CLI), not within the PM Skills repository itself.

### What is the purpose of the [`validate_plugins.py`](https://github.com/phuryn/pm-skills/blob/main/validate_plugins.py) script?

The [`validate_plugins.py`](https://github.com/phuryn/pm-skills/blob/main/validate_plugins.py) file is a **static validator** that checks the integrity of plugin manifests and front‑matter syntax. It loads JSON files and verifies required fields are present, but it never invokes `subprocess`, `os.system`, or any external binaries. It ensures the declarative definitions are well‑formed, not that they execute correctly.

### Do PM Skills commands use placeholders for arguments?

Yes. According to [`CLAUDE.md`](https://github.com/phuryn/pm-skills/blob/main/CLAUDE.md), commands use a single **`$ARGUMENTS`** placeholder to indicate where user input should be inserted. Skills require no placeholders because they read context from the conversation. This design reinforces that commands are templates for the AI to interpret, not scripts for the operating system to execute.