bmad-agent-marketing-referral
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions in
references/shared-patterns.mdfor the agent to execute shell commands to check for and install theagent-browsertool and Playwright dependencies usingnpmandnpxif they are not already present in the environment. - [EXTERNAL_DOWNLOADS]: The skill references and suggests downloading software from a GitHub repository hosted by Vercel Labs and installing packages from the official npm registry to enable its web auditing capabilities.
- [PROMPT_INJECTION]: The "Live Website URL Audit" capability defined in
references/shared-patterns.mdenables the agent to ingest data from external, untrusted websites. This presents an indirect prompt injection surface where a malicious website could attempt to influence the agent's behavior. - Ingestion points: Untrusted data enters the context when the agent audits a live website URL as described in
references/shared-patterns.md. - Boundary markers: The instructions lack explicit delimiters or "ignore embedded instructions" warnings for the content fetched from the web.
- Capability inventory: The skill has the capability to write files to the local file system (deliverables) and execute shell commands (installation of dependencies).
- Sanitization: No evidence of sanitization or validation of the content retrieved from external URLs was found.
Audit Metadata