bmad-gds
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the
Bashtool to perform development tasks, manage sprint statuses, and execute testing frameworks within the local environment.\n- [EXTERNAL_DOWNLOADS]: Installation instructions reference thenpxpackage runner and an external GitHub repository (supercent-io/skills-template) for project scaffolding.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and documenting external project data.\n - Ingestion points: Reads game project files and documentation using
Read,Grep, andGlobtools across multiple workflow phases.\n - Boundary markers: No explicit delimiters or 'ignore' instructions are provided to separate project data from agent commands.\n
- Capability inventory: Agents possess significant capabilities including
Write(file system modification) andBash(shell execution) which could be leveraged if malicious instructions are encountered in project files.\n - Sanitization: No evidence of sanitization or validation for external project content is present in the skill configuration.
Audit Metadata