bmad
Fail
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `scripts/install.sh` file and `SETUP.md` instructions explicitly use the pattern `curl -sSfL https://plannotator.ai/install.sh | sh`. This executes unverified remote scripts with local shell privileges, which is a high-risk pattern for arbitrary code execution if the remote source or transmission is compromised.
- [DATA_EXFILTRATION]: The `scripts/phase-gate-review.sh` script is designed to submit phase deliverables (PRDs, Architecture specs, etc.) to the external `plannotator.ai` service using the `plannotator submit` command. This represents a transfer of potentially sensitive project documentation to a third-party server.
- [EXTERNAL_DOWNLOADS]: The skill initiates several external downloads and tool installations at runtime, including the `plannotator` CLI, `fabric` CLI, and potential project templates from the `supercent-io` GitHub organization. These dependencies are fetched from unverified external sources.
- [COMMAND_EXECUTION]: Multiple scripts (`scripts/init-project.sh`, `scripts/check-status.sh`, `scripts/phase-gate-review.sh`) use shell commands to manage project state, manipulate files with `sed`, and execute Python snippets (`python3 -c`). These operations include the use of `chmod +x` on scripts and directory creation, which requires cautious management of path variables to prevent command injection.
- [SAFE]: The skill follows standard configuration management patterns by using YAML templates for project settings and local files (`docs/bmm-workflow-status.yaml`) for state persistence. Documentation for integration with local notes applications like Obsidian and Bear correctly describes these as user-configured options.
Recommendations
- HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata