Skills
skills/aj-geddes/claude-code-bmad-skills/bmad-document-project/Gen Agent Trust Hub

bmad-document-project

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs a systematic scan of the codebase that includes accessing sensitive configuration files such as .env, package.json, and database connection code. While it explicitly instructs the agent to capture only service names and patterns rather than actual secrets, the broad read access to these files constitutes a data exposure surface.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted codebase data.
  • Ingestion points: The agent reads arbitrary files from the codebase (Pass 1-6) using Read, Glob, and Grep tools.
  • Boundary markers: The output document uses markdown headers and code blocks for structure, but lacks explicit delimiters or instructions to ignore embedded commands within the scanned content.
  • Capability inventory: The skill is limited to Read, Glob, Grep, Write, and TodoWrite. It cannot execute shell commands or application code.
  • Sanitization: The skill does not specify sanitization or validation of the content read from files before it is placed into the output documentation.
  • [COMMAND_EXECUTION]: The skill's operational scope is strictly limited to read-only scanning and writing a single output file. It explicitly forbids the execution of application code, scripts, or build tools, and does not request shell access tools.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 12:30 PM
Security Audit — agent-trust-hub — bmad-document-project