Skills
skills/akillness/skills-template/bmad/Gen Agent Trust Hub

bmad

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts/install.sh file contains a command that fetches a shell script from https://plannotator.ai/install.sh and pipes it directly to sh. This allows for the execution of unverified remote code from an external source without integrity checks.
  • [COMMAND_EXECUTION]: The skill uses python3 -c within shell scripts (scripts/check-status.sh, scripts/phase-gate-review.sh) to execute inline Python code for YAML parsing and submission logic. This involves dynamic execution of code constructed from string templates.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from project documentation files.
  • Ingestion points: The scripts/phase-gate-review.sh script reads the content of documents such as PRDs and architecture specifications from the docs/ directory.
  • Boundary markers: The skill does not use any delimiters or explicit instructions to the model to ignore potential directives embedded within the processed documents.
  • Capability inventory: The skill has access to tools like Bash, Write, and Read, and it executes multiple logic-heavy scripts based on the workflow state.
  • Sanitization: There is no evidence of content sanitization or validation of the markdown/YAML files before they are read and processed into the agent's context.
Recommendations
  • HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 02:29 AM