bmad-story-planning
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted external data from multiple sources to generate output files, creating a vulnerability surface where malicious instructions in documents could hijack the agent's behavior.
- Ingestion points: The skill reads
epics.md, architecture decision outputs, andux_assets(annotated wireframes/notes). - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from following commands embedded within the input documents.
- Capability inventory: The skill utilizes
WriteandReadtools to modify the local filesystem and executes a local scriptscripts/create_story.py. - Sanitization: Absent. There is no evidence of validation or filtering for the content extracted from external assets before it is processed by the story-creation logic.
- Unverifiable Dependencies (LOW): The skill references a local file
scripts/create_story.pyto handle structured JSON inputs. While local, the contents of this script are not provided for review, making its handling of potentially malicious JSON payloads unverifiable.
Audit Metadata