bmad-research
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (scripts/research-sources.sh) to display a research strategy guide. The script is internally managed and contains only text output logic.
- [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch to gather data from various public web sources such as industry reports, competitor sites, and official documentation to populate its research reports.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the live web (e.g., product reviews, social media sentiment, and third-party documentation). This is an inherent risk of its primary research function.
- Ingestion points: External data retrieved via WebSearch and WebFetch as described in SKILL.md.
- Boundary markers: The skill uses a structured markdown template (templates/research-report.template.md) to format findings, providing some structural isolation for external content.
- Capability inventory: The skill has capabilities for file system access (Read, Write, Edit, Glob), command execution (Bash), and network operations (WebSearch, WebFetch) as defined in SKILL.md.
- Sanitization: No explicit sanitization or filtering of external content is mentioned before interpolation into the report template.
Audit Metadata