bmad-agent-marketing-sales
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'agent-browser' utility for market research tasks, which is fetched from the official Vercel Labs GitHub repository. This is a recognized and trusted source for such tooling.
- [COMMAND_EXECUTION]: Provides documented shell commands for research sessions using the browser automation tool. These operations are restricted to obtaining text and screenshots for market analysis purposes.
- [SAFE]: The skill is instructed to read project-specific configuration files (config.yaml) to tailor the generated sales assets. This is standard behavior for personalized content generation.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its automated browsing capabilities which ingest external, untrusted content from competitor websites and review platforms.
- Ingestion points: Web content fetched via 'agent-browser' in references/competitive-research.md.
- Boundary markers: None specified for handling external text.
- Capability inventory: Includes web browsing and file writing to the local brands directory.
- Sanitization: No sanitization steps for external data are described in the instructions.
Audit Metadata