BMad Master
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security vulnerabilities were detected. The skill is an orchestrator that manages local project state.
- COMMAND_EXECUTION (SAFE): The skill instructs the agent to create a specific directory structure (bmad/, docs/) and write configuration files. These operations are standard for project initialization and do not involve high-risk commands or arbitrary execution.
- DATA_EXFILTRATION (SAFE): No network operations (curl, wget, etc.) or access to sensitive global file paths (~/.ssh, ~/.aws) were found. All file operations are restricted to the local project directory.
- PROMPT_INJECTION (SAFE): The skill's instructions are focused on project methodology and do not contain patterns aimed at overriding agent safety filters or extracting system prompts.
Audit Metadata