Skills
skills/bacoco/bmad-skills/bmad-taskmaster-mcp-bootstrap/Gen Agent Trust Hub

bmad-taskmaster-mcp-bootstrap

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the TaskMaster MCP server from a third-party GitHub repository (https://github.com/eyaltoledano/claude-task-master) which is not included in the trusted vendor list.
  • [REMOTE_CODE_EXECUTION]: The skill executes remote code through npx task-master-ai and calls a local shell script (scripts/bootstrap_taskmaster.sh) to provision the server environment.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to check environment readiness, install dependencies, and run server health checks.
  • [CREDENTIALS_UNSAFE]: The skill instructions require the agent to collect private API keys and tokens from the operator to configure the .env and mcp.json files.
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected through the processing of external data.
  • Ingestion points: Reads and writes to shared tasks.md files.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill.
  • Capability inventory: Uses Bash, Write, Read, and Grep tools, allowing for potential exploitation if malicious instructions are present in tasks.md.
  • Sanitization: No sanitization or validation logic is specified for the data processed from shared files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 24, 2026, 03:36 PM