Skills
AGENT LAB: SKILLS
skills/aj-geddes/claude-code-bmad-skills/bmad-orchestrator/Gen Agent Trust Hub

bmad-orchestrator

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill contains multiple bash scripts (init-project.sh, check-status.sh, validate-config.sh) that perform filesystem operations such as directory creation and file generation using sed, grep, and cat. These are standard initialization behaviors but involve direct command execution on the host.
  • [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) The scripts/check-status.sh script reads workflow commands from a project-local file (bmm-workflow-status.yaml) and outputs them as 'Recommended next steps' (e.g., 'Run /prd to continue'). This presents an indirect prompt injection surface where an agent could be misled into executing unintended commands if the local status file is modified by an untrusted entity.
  • Ingestion points: docs/bmm-workflow-status.yaml (read in scripts/check-status.sh).
  • Boundary markers: None; commands are printed directly into the agent's output stream.
  • Capability inventory: The skill itself recommends commands; the agent's ability to execute them is external to this skill's code.
  • Sanitization: None; the script prints the command field from the YAML directly without validation.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 15, 2026, 09:10 PM