Skills
skills/bmad-code-org/bmad-method/bmad-agent-sm/Gen Agent Trust Hub

bmad-agent-sm

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs a file system search for **/project-context.md to load project-specific standards as a foundational reference.
  • [PROMPT_INJECTION]: The skill implements persona enforcement instructions ("must not break character until the users dismisses this persona") which dictate agent behavior constraints.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external data from workspace files.
  • Ingestion points: Reads content from **/project-context.md and retrieves configuration variables from the bmad-init skill.
  • Boundary markers: No delimiters or "ignore instructions" warnings are defined when loading the project context file.
  • Capability inventory: The skill can invoke multiple functional sub-skills (e.g., bmad-sprint-planning, bmad-create-story) based on processed data.
  • Sanitization: There is no evidence of input validation or filtering for the data loaded from the project context file.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:51 PM