bmad-gds
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration allows access to the
Bashtool, as well asRead,Write,Grep, andGlob. These permissions enable the agent to execute shell commands and interact extensively with the local file system. This level of access is common for developer-focused orchestration tools but represents a significant capability surface. - [PROMPT_INJECTION]: The skill is designed to ingest and summarize external, potentially untrusted data such as player feedback, bug reports, and design documents (GDD). This creates an attack surface for indirect prompt injection where instructions embedded in project artifacts could influence the agent's logic.
- Ingestion points: Processes external files including 'idea-notes', 'gdd-or-design-doc', 'backlog-or-board', and 'playtest-feedback' as defined in Step 1 of
SKILL.md. - Boundary markers: No specific delimiters or safety instructions are defined to separate user/project data from the agent's core instructions.
- Capability inventory: The skill is granted
Bash,Read,Write,Grep, andGlobtools, providing a powerful execution environment for any instructions parsed from intake data. - Sanitization: The instructions do not specify any validation, filtering, or sanitization of the content extracted from game production packets.
Audit Metadata