bmad-story-pipeline-worktree
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell operations including Git worktree management (git worktree), branch merging (git merge), and several custom tools (e.g., /bmad-bmm-create-story, /bmad-tea-testarch-atdd). These tools are invoked with a 'yolo' parameter, which is intended to automate the pipeline by bypassing manual confirmations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where local files are used to determine the agent's actions.
- Ingestion points: The skill reads pipeline execution steps from references/workflow-steps.md and project status from _bmad-output/implementation-artifacts/sprint-status.yaml.
- Boundary markers: No delimiters or isolation instructions are provided when interpolating content from these files into subagent prompts.
- Capability inventory: The agent possesses capabilities to execute shell commands, modify local repository files via the Edit tool, and delegate complex tasks to general-purpose subagents.
- Sanitization: There is no evidence of input validation or sanitization for the story identifiers or the command strings loaded from the configuration file before they are processed or executed.
Audit Metadata