bmad-agent-ux-designer

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: During the activation sequence in SKILL.md, the agent executes a local Python script located at {project-root}/_bmad/scripts/resolve_customization.py using the uv run command to load configuration data.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by loading instructions and configuration from multiple untrusted or user-modifiable local files.
  • Ingestion points: The agent reads data from customize.yaml, {project-root}/_bmad/custom/{skill-name}.yaml, {skill-name}.user.yaml, {project-root}/_bmad/bmm/config.yaml, and {project-root}/**/project-context.md.
  • Boundary markers: The instructions lack delimiters or explicit warnings to ignore embedded instructions within the ingested context or project files.
  • Capability inventory: The agent possesses the ability to execute shell commands (via uv run), invoke other registered skills, and execute arbitrary prompt text defined in the agent.menu or agent.critical_actions configuration blocks.
  • Sanitization: No sanitization, escaping, or validation logic is defined for the content loaded from these external files before it is incorporated into the agent's persona or execution logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 03:02 AM