bmad-gds
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation instructions in SKILL.md reference an external repository (github.com/supercent-io/skills-template) that is not included in the trusted vendors list.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to ingest and process external project data and user-provided brainstorming content.
  - Ingestion points: The bmad-gds-document-project command reads existing codebases, and bmad-gds-brainstorm-game processes user-supplied concept data.
  - Boundary markers: No explicit delimiters or boundary markers are defined to isolate untrusted content from the agent's core instructions.
  - Capability inventory: The skill has access to Bash and Write tools, which could be exploited if malicious instructions are successfully injected via project files.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the content read from external game projects.
- [COMMAND_EXECUTION]: The skill explicitly allows the Bash tool for project management tasks, such as running Unity MCP status checks and executing dev stories. This access increases the potential impact of other vulnerabilities, such as indirect prompt injection.
Audit Metadata