bmad-cis-agent-design-thinking-coach

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute shell commands from multiple sources. It explicitly runs a Python script located at {project-root}/_bmad/scripts/resolve_customization.py during activation. Furthermore, it implements a mechanism to execute arbitrary commands defined in the {agent.activation_steps_prepend} and {agent.activation_steps_append} arrays. These commands are sourced from configuration files (customize.toml, {skill-name}.toml, and {skill-name}.user.toml), allowing for dynamic execution based on project-level or user-level configuration.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection.
      • Ingestion points: The skill recursively loads data from the project directory using the glob pattern {project-root}/**/project-context.md and reads from _bmad/cis/config.yaml.
      • Boundary markers: There are no delimiters or instructions to ignore embedded commands within the ingested files.
      • Capability inventory: The agent has the capability to execute shell commands via the activation steps and dispatch menu items to other skills.
      • Sanitization: There is no evidence of sanitization or validation of the content loaded from the project files before it is treated as 'foundational context'.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 05:55 AM