Skills
skills/bmad-code-org/bmad-method/bmad-create-prd/Gen Agent Trust Hub

bmad-create-prd

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The activation sequence in SKILL.md executes a local Python script (_bmad/scripts/resolve_customization.py) to resolve and merge configuration settings from customize.toml and other project-level override files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it actively discovers and loads external markdown files (e.g., *brief*.md, *research*.md) into the agent's context to inform the PRD creation.
  • Ingestion points: Identified in steps-c/step-01-init.md, which searches for and loads files matching patterns like *brief*.md, *research*.md, and project-context.md from the project directory.
  • Boundary markers: The instructions do not define specific delimiters or instructions to the LLM to ignore potentially malicious directions embedded within those discovered documents.
  • Capability inventory: The skill has the capability to execute local scripts (via SKILL.md) and perform CSV data lookups (via step-02-discovery.md).
  • Sanitization: There is no explicit sanitization or filtering of the content loaded from the discovered external documents before they are used to influence the agent's output.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 03:39 AM