skills/bmad-code-org/bmad-module-creative-intelligence-suite/bmad-cis-agent-creative-problem-solver/Gen Agent Trust Hub
bmad-cis-agent-creative-problem-solver
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script during initialization as defined in Step 1 of SKILL.md:
python3 {project-root}/_bmad/scripts/resolve_customization.py.\n- [COMMAND_EXECUTION]: The skill provides an interface to execute sequences of arbitrary shell commands defined in theactivation_steps_prependandactivation_steps_appendarrays. These commands are sourced from merged configuration files (customize.tomland project-level overrides), creating an execution surface for commands defined outside the skill itself.\n- [REMOTE_CODE_EXECUTION]: The capability to execute commands sourced from configuration files in the project root allows for the execution of arbitrary code if the project environment or its configuration files are influenced by an attacker.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted data from the local file system into the agent's context as foundational facts.\n - Ingestion points: SKILL.md Step 4 reads files matching the glob pattern
{project-root}/**/project-context.md.\n - Boundary markers: Absent. There are no delimiters or warnings to the model to ignore embedded instructions within these ingested files.\n
- Capability inventory: The agent has the ability to execute shell commands and Python scripts as part of its activation and menu dispatch logic.\n
- Sanitization: None. The content of ingested files is loaded verbatim as persistent facts.
Audit Metadata