bmad-idea

The skill's described purpose and capabilities are coherent with a creative multi-agent ideation suite. However, the installation pathway relies on an unverifiable GitHub source via npx, which introduces supply-chain risk and warrants elevated scrutiny. Other data flows and credential exposure risks appear low based on the provided description. Overall, classify as SUSPICIOUS due to unverifiable dependencies and potential transitive installation concerns, with notable but non-exploitative capability for collaborative ideation.