bmad-prfaq
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any prompt injection patterns or attempts to bypass agent safety guidelines. All instructions are focused on the intended goal of product validation and documentation.
- [SAFE]: File system operations are restricted to project-specific files (e.g.,
prfaq.md,project-context.md,decision-log.md) within the user's configured output folder. No access to sensitive system directories or credentials was detected. - [SAFE]: Network activity is limited to the use of
WebSearchandWebFetchtools for the stated purpose of grounding product concepts in real market data. No unauthorized data exfiltration patterns were found. - [SAFE]: There is no evidence of remote code execution, obfuscation, or persistence mechanisms. The skill relies on local markdown templates and standard agent capabilities.
- [SAFE]: The skill follows secure practices by documenting decision history and recommending structured hand-offs to other project roles like product managers or architects.
Audit Metadata