skills/akillness/jeo-skills/bmad-gds/Gen Agent Trust Hub

bmad-gds

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data.
  • Ingestion points: SKILL.md (Step 1) explicitly collects data from playtest-feedback and bug-or-build-issues.
  • Boundary markers: The instructions lack explicit boundary markers or delimiters to protect the agent from instructions embedded within the ingested data.
  • Capability inventory: The skill is configured with Read, Write, Bash, Grep, and Glob tools (SKILL.md frontmatter).
  • Sanitization: No sanitization or filtering mechanisms for the external input are defined.
  • [EXTERNAL_DOWNLOADS]: The documentation references an external project repository on GitHub.
  • Evidence: REFERENCE.md points to https://github.com/bmad-code-org/bmad-module-game-dev-studio for upstream documentation.
  • [COMMAND_EXECUTION]: The skill uses shell tools and references a set of specialized CLI commands for game development tasks.
  • Evidence: The allowed-tools includes Bash. REFERENCE.md lists various commands such as bmad-gds-document-project, bmad-gds-game-brief, and bmad-gds-sprint-planning which are intended for execution by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — bmad-gds