bmad-ux
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Bash and Python scripts (
wcag-checklist.sh,contrast-check.py,responsive-breakpoints.sh) to generate reference material and verify color contrast ratios. These scripts are statically provided within the skill'sscriptsdirectory and perform only mathematical calculations or text output. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) due to the ingestion of external data for planning purposes:
- Ingestion points: Reads project requirements and architecture from
bmad-output/prd.mdandbmad-output/architecture.mdin SKILL.md. - Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore embedded instructions when passing project data to subagents.
- Capability inventory: Subprocess execution (Bash/Python) and file system access (Read, Write, Edit, Glob, Grep) within the project directory.
- Sanitization: None; ingested data is directly interpolated into subagent prompt templates.
- [SAFE]: No obfuscation, persistence mechanisms, privilege escalation, or unauthorized network operations were identified. The skill's stated purpose of UX planning aligns with its technical implementation and limited capability set.
Audit Metadata