bmad-synthesize
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script snippet used for prerequisite verification. This script iterates through a list of 11 required documentation files in the `docs/reverse-engineering/` directory and checks for their existence using standard file test operators. It does not perform any write operations or execute external code.
- [EXTERNAL_DOWNLOADS]: The synthesis report and integration sections mention the `bmad-method` package, specifically recommending the command `npx bmad-method@alpha install` to the user. This is a reference to an external dependency required for the broader BMAD workflow and is presented as a manual setup step rather than an automated or hidden execution by the skill itself.
- [SAFE]: The skill's core functionality is a mapping and synthesis process that translates content from 11 source markdown files into 4 structured output files. This process is documented with clear mappings for each artifact. There are no indications of data exfiltration, obfuscation, or persistence mechanisms. The skill also handles inferred data by marking it for user review, which is a good transparency practice.
Audit Metadata