bmad-idea
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to facilitate creative workflows such as brainstorming, design thinking, and storytelling. Analysis confirms that the behavior matches its stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and an installation source on GitHub (github.com/akillness/oh-my-skills and github.com/bmad-code-org/bmad-module-creative-intelligence-suite). These resources are consistent with the vendor and project identity and represent legitimate external references.
- [COMMAND_EXECUTION]: The skill is configured with access to Bash, Read, and Write tools. These are used to manage creative sessions and store outputs in a local directory (./creative-outputs/). No suspicious or unauthorized command patterns were found.
- [PROMPT_INJECTION]: The skill ingests untrusted user input for creative tasks (brainstorming, problem-solving) and has access to powerful tools (Bash). This creates an indirect prompt injection surface.
  - Ingestion points: User-provided text for ideation sessions.
  - Boundary markers: The instructions do not define specific delimiters for separating user data from system instructions.
  - Capability inventory: Read, Write, Bash, Grep, Glob tools are accessible.
  - Sanitization: No explicit sanitization or validation of the user-provided data is mentioned.
  - Note: This is identified as a functional surface typical of creative assistants and does not involve malicious logic.
Audit Metadata