bmad-agent-marketing-retention
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill instructions or provided templates.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing 'agent-browser' from the vercel-labs GitHub organization and 'playwright' via NPM for research purposes. These are recognized as trusted and well-known sources.
- [PROMPT_INJECTION]: The research playbook utilizes a browser tool to ingest text from external websites in 'references/research-playbook.md'. While this ingestion represents a surface for indirect prompt injection, the skill uses the data for analysis and does not have capabilities that would be dangerously exploited by untrusted input. The process lacks explicit boundary markers or sanitization, but is limited to research and screenshot capabilities.
Audit Metadata