
bmad-tea

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation and workflows suggest installing multiple external packages that are not part of the trusted vendors list. These include @seontechnologies/playwright-utils, @seontechnologies/pactjs-utils, and the SmartBear MCP server via npx @smartbear/mcp@latest. While these appear to be legitimate testing utilities associated with SEON Technologies and SmartBear, they are external dependencies.
  • [EXTERNAL_DOWNLOADS]: In playwright-cli.md, the skill instructs users to run npm install -g @playwright/cli@latest. This is a non-standard package name for the official Playwright toolset (which is typically accessed via npx playwright or the playwright and @playwright/test packages). This represents a high risk of typosquatting or installing unverifiable third-party code.
  • [PROMPT_INJECTION]: The skill's primary function involves analyzing external data, including source code, test results, and system logs (e.g., in the test-review and nfr-assess workflows). These workflows ingest untrusted data and possess the capability to generate code and CI pipelines. The absence of explicit boundary markers or sanitization instructions for this ingested data creates an indirect prompt injection surface.
  • [COMMAND_EXECUTION]: The skill facilitates the creation and execution of various shell scripts and CI/CD configurations across platforms like GitHub Actions, GitLab CI, and Jenkins. This includes commands for managing file permissions (chmod +x), installing system-level browser dependencies, and executing arbitrary test suites.
  • [REMOTE_CODE_EXECUTION]: Several workflows (e.g., automate, atdd) utilize subagents or 'worker' patterns where the agent is instructed to generate and then potentially execute or verify test code. Piped remote execution is present in documentation examples like curl ... | bash patterns in the burn-in.md and ci-burn-in.md knowledge fragments when discussing CI setup.
  • [DYNAMIC_EXECUTION]: The workflow step files (e.g., step-03-generate-tests.md in the automate workflow) contain embedded JavaScript-like blocks for 'orchestration logic' such as capability probing and mode resolution. This pattern of embedding executable logic within instruction files for agent-side execution is a form of dynamic instruction generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 07:31 AM