build-test-guide
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to run 'npx bmad-method install', which downloads and executes code from the npm registry. The 'bmad-method' package is hosted by an unverified organization ('bmad-code-org') and is not part of the trusted vendors list.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted local data from the project directory. Ingestion points: The agent reads content from 'pmf/icp.md', 'pmf/value-prop.md', and 'pmf/mvp.md' using the Read tool. Boundary markers: No delimiters or safety instructions are used when interpolating file content into the summarized output. Capability inventory: The agent's tools are restricted to 'Read', 'Glob', and 'AskUserQuestion'. It does not have permission to execute commands or write files, which limits the potential impact of an injection. Sanitization: No sanitization or validation is performed on the ingested file content before it is processed by the agent.
Audit Metadata