bmad-orchestrator

Fail

Audited by Socket on Mar 11, 2026

2 alerts found:

Obfuscated File (x2)

Obfuscated File, severity HIGH: scripts/install.sh

The installer itself is legitimate-looking and non-obfuscated, but it performs high-risk supply-chain actions: executing a remote install script via curl | sh and running local hook/init scripts without verification. These behaviors create a meaningful attack surface — a compromised remote host or tampered local scripts could result in arbitrary code execution with the user's privileges. Recommended: avoid running curl | sh directly; inspect the remote install script before execution, use signature/checksum verification, prefer package managers or pinned releases, and review any local hook/init scripts prior to running. If using the script, run with caution (or in a sandbox) and use --dry-run or --skip-plannotator to reduce exposure.

Confidence: 98%
Obfuscated File, severity HIGH: SKILL.md

The skill's stated purpose (BMAD workflow orchestration with phase gates and plannotator integration) aligns with its documented capabilities to route and gate phases. However, the installation path using an unverifiable GitHub URL introduces a notable supply-chain risk that is disproportionate to the stated use, elevating security risk. Data flows appear locally scoped (docs and Obsidian vault) with no explicit exfiltration, but the dependency risk and potential for future credential integrations warrant caution. Overall, the footprint is suspicious due to unverifiable dependencies and should be treated as Suspicious rather than Benign until the dependency is verified or replaced with a trusted source.

Confidence: 98%
Audit Metadata

Analyzed At: Mar 11, 2026, 01:22 PM

Package URL: pkg:socket/skills-sh/akillness%2Foh-my-skills%2Fbmad-orchestrator%2F@7b8b42d558b2aa45bb6c649b64abfbf271ec785a