bmad-architecture-design
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for indirect prompt injection (Category 8) as it is designed to ingest and act upon external inputs such as product requirements and existing repository assets. Evidence Chain: 1. Ingestion points: The skill reads from 'prd', 'constraints', and 'existing_assets' provided by external sources. 2. Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings defined to separate data from system instructions. 3. Capability inventory: The skill has 'Read', 'Write', and 'Grep' tool access and calls an external Python script. 4. Sanitization: No evidence of input validation or escaping for the processed data is present.
- [COMMAND_EXECUTION] (LOW): The skill specifies the execution of a local script 'scripts/generate_architecture.py' during its process. While no remote execution or downloads were found, the use of a script to handle data from external inputs constitutes a local command execution surface.
Audit Metadata