bmad-epic-pipeline-worktree
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to programmatically invoke other skills and execute arbitrary shell commands defined in the workflow-steps.md configuration file. It manages Git worktrees and performs branch merges as part of its core logic.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data files to determine its execution flow.
  - Ingestion points: Reads task metadata and status information from _bmad-output/implementation-artifacts/sprint-status.yaml or docs/sprint/sprint-status.yaml.
  - Boundary markers: None identified. The skill does not use specific delimiters or safety instructions to prevent the agent from obeying instructions potentially embedded within the YAML data (e.g., in story names).
  - Capability inventory: Executes the /bmad-story-pipeline-worktree command, which involves filesystem modifications (worktrees), Git operations (merge, add, commit), and any shell commands specified in the workflow-steps.md pipeline config.
  - Sanitization: No validation or sanitization of the input data from the YAML files is performed before it is interpolated into subagent tasks or logical branching decisions.