bmad-dev-story
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via its primary task input. It processes external story files and Dev Notes as authoritative guides, and its workflow mandates following these instructions 'EXACTLY AS WRITTEN' without deviation. A maliciously crafted story file could trick the agent into performing unintended operations.\n
- Ingestion points: Story markdown files and Dev Notes sections (workflow.md).\n
- Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands in the ingested content.\n
- Capability inventory: The skill has the ability to create and modify files and execute shell commands for testing and linting purposes (workflow.md).\n
- Sanitization: Absent; the skill does not validate or sanitize the content of the story files before execution.\n- [COMMAND_EXECUTION]: The skill workflow automatically identifies and executes test suites and linting tools based on the project structure. This involves the dynamic execution of shell commands, which poses a risk if the project environment or test configuration has been tampered with by an attacker.
Audit Metadata