bmad-index-docs
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data by reading the contents of files within a user-specified directory to generate descriptive summaries. This creates an indirect prompt injection surface where a malicious file could contain instructions that attempt to influence the agent's behavior.
- Ingestion points: File contents in the target directory (specified in
workflow.md). - Boundary markers: No specific boundary markers or 'ignore' instructions are provided to delimit the untrusted file content.
- Capability inventory: Directory listing, file reading, and file writing (as defined in
workflow.md). - Sanitization: No explicit sanitization or content validation is mentioned before the agent processes the file contents.
- [COMMAND_EXECUTION]: The skill uses tools to perform file system operations, specifically scanning directories and reading/writing markdown files. These capabilities are necessary for its primary function but represent the operational scope available to the agent.
Audit Metadata