bmad-create-architecture
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a collaborative facilitator, guiding the user through architectural decisions without executing dangerous commands or accessing unauthorized data. It utilizes a structured approach with explicit user control at every transition point.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection by ingesting untrusted project documentation such as PRDs and UX designs. This is a functional requirement for the skill's purpose and is handled through user-confirmed discovery processes.
- Ingestion points: steps/step-01-init.md discovers and loads markdown files (brief.md, prd.md, ux-design.md, research.md) from the project environment.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the loading instructions.
- Capability inventory: The skill is restricted to document generation and web searching for technical documentation; it lacks capabilities for arbitrary command execution or data exfiltration.
- Sanitization: No sanitization of the input file content is performed.
Audit Metadata