bmad-idea
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation section in SKILL.md references an external GitHub repository (supercent-io/skills-template) for skill deployment, which is outside the list of trusted vendors.
- [COMMAND_EXECUTION]: The allowed-tools metadata in SKILL.md includes Bash, granting the agent the capability to execute shell commands within the host environment.
- [DATA_EXFILTRATION]: The skill requests Write tool access to save session outputs to directories like ./creative-outputs/, as mentioned in REFERENCE.md. While used for legitimate purposes, this capability provides a surface for unauthorized file system modification or data staging.
- [PROMPT_INJECTION]: The skill ingests and processes user-supplied data across several agents (Carson, Maya, Victor, etc.), creating an attack surface for indirect prompt injection.
- Ingestion points: User prompts for creative workflows across all specialist agents.
- Boundary markers: None identified to separate instructions from user-provided data.
- Capability inventory: High-privilege access to Bash, Write, Read, Grep, and Glob tools.
- Sanitization: No validation or sanitization of input data is described in the provided files.
Audit Metadata