bmad-idea
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions that fetch content from the author's GitHub repository (`github.com/akillness/oh-my-skills`) using the `npx skills add` command. It also references upstream documentation from `github.com/bmad-code-org/bmad-module-creative-intelligence-suite`.
- [PROMPT_INJECTION]: The skill facilitates multi-agent workflows that ingest and process user-provided content to generate creative outputs, which constitutes an indirect prompt injection surface.
  - Ingestion points: User inputs provided during brainstorming, design thinking, innovation strategy, problem-solving, and storytelling sessions.
  - Boundary markers: Absent; the instructions do not define specific delimiters or warnings to ignore embedded instructions in user data.
  - Capability inventory: The skill utilizes file-system tools including `Read`, `Write`, `Grep`, and `Glob`, as well as `Bash` for operational tasks.
  - Sanitization: Absent; the provided files do not specify validation or sanitization routines for user-supplied data before it is processed by the agents.
Audit Metadata