bmad-os-review-prompt
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No executable code, scripts, or remote dependencies are included in the skill. The content consists entirely of instructions and metadata for the AI agent.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to process and analyze untrusted text (user-provided prompts). This creates a surface for indirect prompt injection where a malicious prompt being reviewed could attempt to influence the reviewer agent's behavior.
- Ingestion points: The agent processes external prompts provided by the user in Step 0.
- Boundary markers: The skill includes an input validation step (Step 0) to ensure the input is a prompt, but does not specify delimiters for the review phase.
- Capability inventory: The skill uses natural language analysis and orchestration of sub-agents to perform reviews. It does not perform file writing, network operations, or shell command execution.
- Sanitization: No explicit sanitization or escaping of the user-provided prompt is performed before it is passed to the sub-agents in Track A and Track C.
- [SAFE]: The 'sub-agent' spawning described in the review tracks refers to agent orchestration logic rather than dynamic code execution or subprocess management. This is a standard pattern for complex reasoning tasks in LLM agent systems.
Audit Metadata