skills/akillness/jeo-skills/bmad/Gen Agent Trust Hub

bmad

Fail

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The 'scripts/install.sh' file contains a command that fetches a shell script from 'https://plannotator.ai/install.sh' and pipes it directly into the 'sh' interpreter. This method of installation allows for arbitrary code execution on the host system without verification, presenting a significant security risk.
  • [EXTERNAL_DOWNLOADS]: The skill's setup process and operational workflows rely on downloading scripts and binary tools from 'plannotator.ai', a domain that is not recognized as a trusted organization or well-known service in the security policy.
  • [COMMAND_EXECUTION]: Several bash scripts ('scripts/init-project.sh', 'scripts/check-status.sh', 'scripts/phase-gate-review.sh') execute shell commands to perform file system operations and system checks. While functional, these scripts possess capabilities that could be exploited to perform unauthorized actions if the project environment or configuration files are compromised.
  • [PROMPT_INJECTION]: The skill is designed to process external project data, such as product briefs and repository content, to determine workflow transitions. Ingestion points: 'SKILL.md' (via LLM context) and local scripts reading project YAML files. Boundary markers: Absent. Capability inventory: 'scripts/install.sh' (remote execution), 'scripts/phase-gate-review.sh' (external tool invocation). Sanitization: Absent. This structure creates a surface for indirect prompt injection where malicious instructions embedded in project artifacts could influence the agent's behavior.
Recommendations
  • HIGH: Downloads and executes remote code from: https://plannotator.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — bmad