Skills
skills/bmad-code-org/bmad-method/bmad-os-root-cause-analysis/Gen Agent Trust Hub

bmad-os-root-cause-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources such as GitHub PR descriptions, issue discussions, and commit messages.
  • Ingestion points: Processes content from gh and git command outputs, including PR/issue metadata and repository files (e.g., CI workflows).
  • Boundary markers: The instructions do not define clear delimiters or system instructions to ignore embedded commands within the processed data.
  • Capability inventory: The agent can execute gh and git commands and perform file-write operations to the local file system.
  • Sanitization: No explicit sanitization or validation of the external content is performed before processing.
  • [COMMAND_EXECUTION]: The skill requires and executes gh (GitHub CLI) and git commands to gather evidence. This provides the agent with broad access to repository history, metadata, and configuration files, which is necessary for the skill's primary purpose but represents a powerful capability if subverted via injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 01:29 AM