bmad-create-story
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from project files and Git history without sanitization or boundary markers, creating a surface for indirect prompt injection where malicious instructions embedded in documents could influence the agent's behavior. * Ingestion points: Reads from project artifacts including epics, PRDs, and architecture files. * Boundary markers: None identified in the processing workflow. * Capability inventory: File system read/write, shell command execution (git), and web research tools. * Sanitization: No input validation is performed on processed content.
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the Git repository and performs file system operations using glob patterns to discover project artifacts.
- [EXTERNAL_DOWNLOADS]: The workflow performs web research to retrieve technical specifications and library information from the internet.
Audit Metadata