bmad-brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes an optional context file (ingested in 'steps/step-01-session-setup.md') to provide tailored guidance during brainstorming. The absence of strict boundary markers or sanitization for this external content represents a surface for indirect prompt injection, which could be used to influence the facilitator's behavior through malicious instructions embedded in the context data.
  - Ingestion points: The 'context_file' is loaded and used to inform the 'Session Context Gathering' phase in 'steps/step-01-session-setup.md'.
  - Boundary markers: There are no explicit delimiters defined to separate the context data from the agent's core instructions.
  - Capability inventory: The skill possesses the ability to create directories, copy files, write to the filesystem, and call the 'bmad-advanced-elicitation' skill.
  - Sanitization: No validation or filtering logic is mentioned for the content of the context file.
- [COMMAND_EXECUTION]: The skill utilizes shell commands for initial document and environment management.
  - Evidence: In 'steps/step-01-session-setup.md', the agent is instructed to execute 'mkdir' and 'cp' commands to set up the session output directory and initialize the brainstorming file from a template. These commands are restricted to localized project paths and are consistent with the skill's intended administrative functions.
Audit Metadata