bmad-idea
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation references external GitHub repositories (supercent-io and bmad-code-org) for installation instructions and reference materials. These links point to the official sources of the bmad-idea suite.
- [COMMAND_EXECUTION]: The skill requests permissions for the Bash and Write tools. According to the reference documentation, these are used to save creative workflow results into local files and to facilitate the operation of visual tools like Mermaid or Excalidraw.
- [NO_CODE]: No executable code files (such as .py, .js, or .sh scripts) were provided in this skill package; the analyzed files consist solely of markdown documentation and metadata.
- [SAFE]: No indicators of prompt injection, data exfiltration, or persistence mechanisms were found within the provided documentation and configuration files.
Audit Metadata