bmad-development-execution
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates a vulnerability surface for indirect prompt injection through its story-driven workflow.
- Ingestion points: Untrusted data enters the agent context via 'story' files, 'architecture_refs', and 'ux_guidance' specified in
SKILL.md. - Boundary markers: Absent. There are no instructions to the LLM to treat the content of these files as data rather than instructions.
- Capability inventory: The skill has access to
Bash,Write, andReadtools, providing a powerful execution environment. - Sanitization: There is no evidence of input validation or escaping before data is processed or interpolated into tool calls.
- [Command Execution] (SAFE): The skill explicitly allows the
Bashtool. While this tool can be dangerous, its usage here is restricted to the primary purpose of running project-specific tests and builds. No malicious or obfuscated commands were found in the provided documentation or placeholders.
Audit Metadata