implement-feature
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and follows instructions from external files.
  - Ingestion points: Loads task specifications from `workspace/tasks/{task_id}.md` in Step 0 using a helper script.
  - Boundary markers: No boundary markers or 'ignore' instructions are provided when parsing the content of the task specification.
  - Capability inventory: The skill can read local files via `read_file.py` and execute arbitrary test code via `run_tests.py`.
  - Sanitization: While the `task_id` input is validated against a specific pattern, the content of the file being read is used to define implementation tasks without further sanitization.
- [COMMAND_EXECUTION]: The skill performs command-line operations using local Python scripts to facilitate the TDD workflow.
  - Evidence: Executes `python .claude/skills/bmad-commands/scripts/read_file.py` and `python .claude/skills/bmad-commands/scripts/run_tests.py` across multiple workflow steps.
  - Context: These executions are used for reading requirements and running the test suite, which are standard operations for a development-focused agent skill.