bmad-auto
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard build, test, and validation commands (e.g., npm run build, pytest, pio run) to verify code implementations. These operations are essential to the skill's function as a CI/CD-style orchestrator and are limited to the project's development environment.
- [EXTERNAL_DOWNLOADS]: The skill automates dependency installation via well-known package managers and fetches Docker images for security and development tools (e.g., semgrep, gitleaks) from trusted official repositories on Docker Hub.
- [PROMPT_INJECTION]: The skill ingests untrusted data from local project configuration files (e.g., CLAUDE.md, .cursorrules) to ground sub-agents in project conventions. This is an inherent part of the development workflow.
  - Ingestion points: Project knowledge sources identified during startup in SKILL.md and through functional validation markers.
  - Boundary markers: The instructions do not define strict delimiters for ingested knowledge files, which is common in development agents.
  - Capability inventory: Sub-agents possess capabilities for shell execution, file system access, and Git operations (excluding commits, which are handled by the lead orchestrator).
  - Sanitization: The skill assumes knowledge base files are project-local and does not apply content sanitization before injection.
- [SAFE]: The skill includes built-in security validation guides that promote secret scanning and dependency auditing. No malicious behavior or exfiltration patterns were identified.
Audit Metadata