skills/bmad-code-org/bmad-method-test-architecture-enterprise/bmad-teach-me-testing/Gen Agent Trust Hub
bmad-teach-me-testing
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A thorough analysis did not identify any malicious patterns, prompt injection attempts, or unauthorized access to sensitive credentials.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and educational resources from the official
bmad-code-orgGitHub repository and website. It also points to well-known industry documentation for Playwright, Jest, Cypress, and Vitest. These connections are functional for the learning objective and target reputable sources. - [COMMAND_EXECUTION]: The skill executes a local customization resolver script (
resolve_customization.py) and internal workflows (advanced-elicitation,party-mode) provided by the platform. These operations are restricted to the local environment and are standard for the agent's initialization and interactive features. - [DATA_EXFILTRATION]: Learner data, including progress tracking and session notes, is stored within local project directories. There is no evidence of exfiltration of sensitive files (~/.ssh, ~/.aws, etc.) or network transmission of personal data.
- [SAFE]: The attack surface for indirect prompt injection was assessed as standard for this type of application.
- Ingestion points: The skill loads project facts from
{project-root}/**/project-context.mdand user progress from YAML files. - Boundary markers: Explicit delimiters for ingested facts are not defined in the loading instructions.
- Capability inventory: The agent can perform local file reads/writes for state management and execute pre-defined internal scripts/workflows.
- Sanitization: Content from context files is loaded verbatim into the session context without specific filtering.
Audit Metadata