bmad-create-product-brief

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill automatically discovers and loads external markdown files from local project directories to influence its behavior.
      • Ingestion points: Files are loaded from {planning_artifacts}, {output_folder}, {product_knowledge}, and docs in steps/step-01-init.md.
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential instructions embedded within these discovered files.
      • Capability inventory: The skill has the capability to write to the file system (outputFile) and trigger other internal skills/workflows as defined in steps/step-02-vision.md through steps/step-05-scope.md.
      • Sanitization: No validation or sanitization is performed on the content of ingested documents.
  • [DATA_EXFILTRATION]: Broad File Access: The skill performs recursive discovery and reading of markdown files within multiple user-defined project folders in steps/step-01-init.md, which may lead to the ingestion of sensitive project data into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 08:49 AM