Skills
skills/bmad-labs/skills/load-docs/Gen Agent Trust Hub

load-docs

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest large amounts of untrusted text from local files and remote URLs directly into the agent's main context window. There are no instructions to enclose the ingested content in boundary markers or to warn the agent that the loaded content should be treated as data rather than instructions.
  • Ingestion points: Read tool (for local files) and WebFetch tool (for URLs) as specified in SKILL.md.
  • Boundary markers: Absent; the skill instructs the agent to read the content "yourself, completely" to allow for subsequent questions.
  • Capability inventory: Read, WebFetch, Glob, Bash ls, and TodoWrite across SKILL.md and evals/evals.json.
  • Sanitization: Absent; no filtering or sanitization of the content itself is performed before ingestion.
  • [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to retrieve content from arbitrary URLs. The evaluation suite includes a reference to fetching configuration and documentation from the official Anthropics repository on GitHub.
  • [COMMAND_EXECUTION]: The skill utilizes directory listing capabilities via the Glob tool or shell commands like ls to identify files for ingestion within a folder structure.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 02:46 AM