skills/bmad-code-org/bmad-method-test-architecture-enterprise/bmad-testarch-automate/Gen Agent Trust Hub
bmad-testarch-automate
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script located at
{project-root}/_bmad/scripts/resolve_customization.pyduring various phases of the workflow. This script is used for merging configurations and is part of the author's framework pattern for customization and setup. - [PROMPT_INJECTION]: The skill exhibits an inherent attack surface for indirect prompt injection because its primary function involves reading and analyzing untrusted source code and test files from the project directory. The skill possesses capabilities to write files and execute shell commands based on its analysis of this project data. No specific boundary markers or sanitization logic were found in the instructions to mitigate the risk of the agent obeying malicious instructions embedded in project files, though this is expected for code analysis tools.
Audit Metadata