bmad-shard-doc
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires downloading the '@kayvan/markdown-tree-parser' package from the NPM registry at runtime via 'npx'.
- [REMOTE_CODE_EXECUTION]: The execution of an unverified third-party package directly from a public registry poses a risk as the downloaded code is executed on the local environment without prior verification.
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating user-provided inputs for '[source-document]' and '[destination-folder]'. This pattern is vulnerable to command injection if the provided paths contain shell metacharacters (e.g., semicolons or backticks).
- [COMMAND_EXECUTION]: The workflow includes functionality to delete the original source document from the file system, which is a destructive operation.
- [PROMPT_INJECTION]: The skill processes untrusted external markdown content which could contain malicious instructions designed to hijack the agent's logic during the parsing phase.
- Ingestion points: The content of the document provided at '[source-document]' in workflow.md.
- Boundary markers: No delimiters or isolation techniques are used to separate the external file content from the agent's operational instructions.
- Capability inventory: Shell command execution via 'npx' and file system operations (move/delete) defined in workflow.md.
- Sanitization: There is no evidence of sanitization or safety filtering performed on the markdown content before it is processed by the external tool.
Audit Metadata