bmad
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation script (scripts/install.sh) and setup documentation (SETUP.md) contain commands to download and execute a shell script directly from an external domain (https://plannotator.ai/install.sh) using the curl | sh pattern. This bypasses standard package managers and executes unverified remote code on the host system.
- [DATA_EXFILTRATION]: The scripts/phase-gate-review.sh script captures the content of local project documents (such as Product Requirements Documents and Architecture specifications) and transmits them to the plannotator.ai service. This sends potentially sensitive technical information to external third-party infrastructure.
- [EXTERNAL_DOWNLOADS]: During setup, the skill attempts to fetch and install the plannotator CLI tool from a remote server that is not part of a recognized trusted organization or well-known service provider.
- [COMMAND_EXECUTION]: The skill relies on several local bash scripts (install.sh, init-project.sh, phase-gate-review.sh, check-status.sh, validate-config.sh) to perform file operations, modify directory structures, and update project configurations. It also uses Python's subprocess module to execute these CLI tools.
- [COMMAND_EXECUTION]: The installation process attempts to modify the agent's operational environment by configuring an ExitPlanMode hook for Claude Code, which alters the agent's behavior during workflow transitions.
Recommendations
- HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata