bmad-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard git status and git diff commands to programmatically determine which files have changed in the local workspace. This behavior is expected and appropriate for its stated purpose of performing code reviews. \n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of untrusted project artifacts and source code. \n
- Ingestion points: The skill loads project documentation (architecture, epics, UX) and implementation files as defined in discover-inputs.md and workflow.md. \n
- Boundary markers: There are no explicit instructions or delimiters provided to the LLM to ignore or escape instructions that might be embedded within the files being reviewed. \n
- Capability inventory: The skill has significant capabilities, including the ability to write local files, update the sprint-status.yaml file, and automatically modify source code to fix identified issues. \n
- Sanitization: The skill does not perform any sanitization or validation on the content ingested from the project files before it is processed by the AI agent.
Audit Metadata