bmad-security-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly susceptible to indirect prompt injection via external content.
- Ingestion points: Processes architecture docs, code repositories, and penetration test reports.
- Boundary markers: No delimiters or isolation instructions are present to prevent embedded instructions from overriding the agent's logic.
- Capability inventory: Uses Read, Write, and Grep tools; generates remediation backlogs and issues launch recommendations.
- Sanitization: Lacks any mechanisms to filter or escape instructions embedded in the ingested files.
Recommendations
- AI detected serious security threats
Audit Metadata