bmad-gds
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the skill instructions and reference materials revealed no evidence of malicious intent, obfuscation, or unauthorized data access.
- [COMMAND_EXECUTION]: The skill requests access to `Bash` and `Write` tools to automate game development workflows, including the generation of design artifacts, project scaffolding, and test execution. These operations are consistent with the skill's primary purpose.
- [EXTERNAL_DOWNLOADS]: The installation instructions and documentation reference external GitHub repositories (`supercent-io` and `bmad-code-org`) for the skill template and upstream module code. These sources are associated with the skill's development and are documented neutrally.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes project files and code.
  - Ingestion points: Files are analyzed via `bmad-gds-document-project`, `bmad-gds-code-review`, and playtesting commands.
  - Boundary markers: The provided documentation does not define specific delimiters or instructions to ignore embedded commands in analyzed data.
  - Capability inventory: The skill uses `Bash`, `Write`, and `Read` across multiple agents.
  - Sanitization: No explicit sanitization or filtering of project content is mentioned in the skill definition.
Audit Metadata