Skills
skills/bmad-code-org/bmad-method-wds-expansion/wds-agent-saga-analyst/Gen Agent Trust Hub

wds-agent-saga-analyst

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Python script located at {project-root}/_bmad/scripts/resolve_customization.py during its initialization process to resolve configuration overrides.
  • [DATA_EXFILTRATION]: The skill's persistent_facts mechanism is configured to automatically read and ingest the contents of files matching the glob {project-root}/**/project-context.md into the agent's context, which may inadvertently expose sensitive local data.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by merging instructions from multiple unverified configuration files and executing dynamic activation steps. Ingestion points: customize.toml, config.yaml, and project-specific override files; Boundary markers: Absent, with instructions to treat data as foundational context; Capability inventory: Local script execution and dynamic instruction processing; Sanitization: None provided for external configuration data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 30, 2026, 06:20 PM