bmad-performance-optimization
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process external data sources which could be controlled by an adversary.
- Ingestion points: Processes 'metrics dashboards, traces, profiling dumps, load test reports' as defined in the 'Inputs Required' section.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the input data are defined in the skill.
- Capability inventory: The skill is granted powerful tools including 'Bash', 'Write', and 'Read'.
- Sanitization: No sanitization or validation logic is specified for the telemetry or report data before it is processed or used to generate optimization plans.
- Command Execution (HIGH): The inclusion of 'Bash' in 'allowed-tools' allows the agent to execute arbitrary shell commands. When combined with the mission to 'analyze telemetry' and 'recommend optimizations', there is a risk that malicious instructions embedded in a 'profiling dump' could lead the agent to execute dangerous commands via the Bash tool.
Recommendations
- AI detected serious security threats
Audit Metadata