Skills
skills/bmad-code-org/bmad-method/bmad-help/Gen Agent Trust Hub

bmad-help

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from the local filesystem to provide grounding and recommendations.
  • Ingestion points: The skill reads {project-root}/_bmad/_config/bmad-help.csv, config.yaml files within the _bmad directory, and documentation files resolved via the project_knowledge configuration variable.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from following directives embedded within the ingested project files.
  • Capability inventory: The skill's actions are limited to parsing metadata and generating textual recommendations. It does not perform network operations, file writes, or command execution.
  • Sanitization: There is no logic mentioned to sanitize or validate the content of the CSV, YAML, or documentation files before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 02:14 PM