bmad-init
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts provided within its package (
scripts/select-track.shandscripts/init-project.sh) to perform workspace initialization and heuristic-based track recommendations. - [DYNAMIC_EXECUTION]: The
init-project.shscript generates project configuration and documentation files (YAML and Markdown) by substituting user-provided metadata into predefined templates usingsed. This is a standard template-rendering process for project scaffolding. - [SAFE]: Analysis of the skill instructions and scripts shows no evidence of prompt injection, network exfiltration, or unauthorized file system access. The skill explicitly limits its scope to creating planning artifacts and avoids any code execution or build activities.
Audit Metadata