bmad-cis-agent-storyteller

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Python script located at {project-root}/_bmad/scripts/resolve_customization.py and dynamically runs commands defined in the activation_steps_prepend and activation_steps_append arrays.
  • [COMMAND_EXECUTION]: The menu system executes arbitrary prompt text if configured in the agent.menu configuration block.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the file system via glob patterns and incorporates it into the agent's foundational context as persistent facts.
    • Ingestion points: persistent_facts entries in customize.toml and project-context.md files.
    • Boundary markers: Absent; file contents are treated as literal facts.
    • Capability inventory: Execution of shell commands and dynamic prompts.
    • Sanitization: None identified for file-based inputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 05:56 AM