bmad-brainstorming-coach
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow steps in 'assets/workflows/party-mode/steps/step-02-discussion-orchestration.md' instruct the agent to output shell-triggering patterns like '[Bash: .claude/hooks/bmad-speak.sh ...]'. This passes agent-generated responses as arguments to a local script, which is a command execution vector.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: It loads an optional 'context_file' and project documentation via globbing in 'assets/workflows/brainstorming/workflow.md'. 2. Boundary markers: There are no explicit markers or instructions to treat the ingested data as untrusted. 3. Capability inventory: The skill can write files and execute local bash hooks. 4. Sanitization: No input validation is performed on the ingested file content.
Audit Metadata