bmad-os-findings-triage
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from findings reports and codebase source files.\n
- Ingestion points: Findings reports (Phase 1.1 in prompts/instructions.md) and codebase source files (Phase 1 in prompts/agent-prompt.md).\n
- Boundary markers: Absent. There are no explicit delimiters or 'ignore embedded instructions' warnings applied to the ingested content.\n
- Capability inventory: Access to codebase search tools, file-write capabilities, and the ability to spawn sub-agents via the Agent tool.\n
- Sanitization: Absent. External content is interpolated directly into prompts without escaping or validation.\n- [COMMAND_EXECUTION]: Orchestration and File Modification. The skill uses the Agent tool to dynamically spawn sub-agents (prompts/instructions.md) and provides them with instructions to modify source code (prompts/agent-prompt.md) based on human decisions. These capabilities are powerful but are intended for the skill's primary purpose and are protected by human-in-the-loop checkpoints.
Audit Metadata