bmad-product-planning
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (MEDIUM): The process instructions in
SKILL.mdexplicitly direct the agent to runscripts/generate_prd.py. Since the script is not included in the analyzed files, its security posture cannot be verified, posing a risk of arbitrary command execution or unauthorized file access. - Indirect Prompt Injection (LOW): The skill is designed to process untrusted external data, making it vulnerable to indirect prompt injection. 1. Ingestion points:
discovery_artifacts(briefs, research memos, or notes). 2. Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore instructions embedded in the artifacts. 3. Capability inventory:Read,Write, andGreptools, plus the execution ofscripts/generate_prd.py. 4. Sanitization: Absent; the skill does not specify any validation or sanitization of the input data before processing or script execution.
Audit Metadata