bmad-ux-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters, extract system prompts, or override agent constraints were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill does not contain hardcoded credentials, access sensitive system paths (like SSH or AWS configs), or perform network requests. Path resolution mentioned in documentation is limited to the skill's local workspace.
- [Remote Code Execution] (SAFE): No patterns for downloading or executing remote scripts (e.g., curl|bash) were found. The skill currently contains no executable code files, only markdown documentation and placeholders.
- [Indirect Prompt Injection] (LOW): The skill reads untrusted external data such as product requirements and architecture notes. However, because the skill's capabilities are strictly limited to local file operations (Read, Write, Grep) and it lacks shell or network access, the potential for malicious influence is negligible.
  1. Ingestion points: SKILL.md (prd_sections, architecture_notes).
  2. Boundary markers: Uses markdown templates for structure.
  3. Capability inventory: Read, Write, Grep.
  4. Sanitization: None.
- [Persistence & Privilege Escalation] (SAFE): No commands for modifying system configurations, shell profiles, or acquiring administrative privileges (sudo) were detected.
Audit Metadata