bmad-advanced-elicitation
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses highly directive language in workflow.md, such as 'MANDATORY', 'CRITICAL', and 'HALT immediately', to force compliance with its internal logic and ensure the LLM follows the specified flow without deviation.
- [PROMPT_INJECTION]: A vulnerability to indirect prompt injection exists (Category 8). 1. Ingestion points: The skill loads and interprets method descriptions from methods.csv and agent definitions from agent-manifest.csv. 2. Boundary markers: There are no explicit delimiters or instructions provided to the LLM to ignore potentially malicious instructions embedded within the CSV data or the content being refined. 3. Capability inventory: The skill has the power to systematically rewrite and replace document sections, which could be exploited if malicious methods are injected into the CSV or input data. 4. Sanitization: No validation or filtering is performed on the data read from external files or user input before it is processed by the LLM as part of the elicitation workflow.
Audit Metadata