bmad-cis-innovation-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script `{project-root}/_bmad/scripts/resolve_customization.py` during both the activation and completion steps. This script is used to merge configuration settings from the skill's root and project-specific customization files. This execution is part of the established orchestration for the bmad-code-org toolkit.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the project directory and user-provided attributes.
  - Ingestion points: Persistent facts are loaded from `{project-root}/**/project-context.md` and the `data` attribute.
  - Boundary markers: No explicit delimiters (like XML tags or markdown blocks) are used to isolate ingested project context from the primary instructions.
  - Capability inventory: The skill has the ability to execute local Python scripts and perform file system writes for saving strategy artifacts.
  - Sanitization: There is no evidence of filtering or sanitization performed on the ingested file contents or user data prior to processing.
Audit Metadata