bmad-dev-story

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The workflow (workflow.md, Steps 7 and 9) explicitly instructs the agent to execute shell commands to run tests, linters, and static analysis checks. The specific commands are inferred from the project structure at runtime, which is standard for development tools but involves executing arbitrary code from the repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the story files it processes.
    • Ingestion points: Step 1 and Step 2 of 'workflow.md' ingest data from user-provided story markdown files and 'project-context.md'.
    • Boundary markers: There are no explicit delimiters or instructions telling the agent to ignore natural-language instructions embedded within these data files.
    • Capability inventory: The skill possesses the capability to write files, modify project status configurations, and execute shell commands (via Step 7).
    • Sanitization: No sanitization or validation of the content within the story files is performed before the agent treats them as an 'authoritative implementation guide' (Step 5).
  • [AUTONOMY_CONCERN]: The workflow contains strong instructions (workflow.md, Step 5) to 'Absolutely DO NOT stop' and 'Execute continuously without pausing'. While intended for efficiency, this reduces human-in-the-loop oversight during the code implementation and execution phases.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 04:17 PM