bmad-marketing-growth-module

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installation that involve fetching code from an external repository (https://github.com/MatthiasMRC/bmad-marketing-growth.git) and using a custom CLI tool (bmad install). While GitHub is a standard service, the repository belongs to a third-party account not explicitly listed as a trusted vendor.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architecture of processing untrusted data (user briefs, blog posts for optimization, and external social media content) without explicit boundary markers or sanitization.
    • Ingestion points: Processes user-provided campaign briefs, existing blog posts for SEO optimization, and data from external platforms like Reddit and Twitter.
    • Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions embedded within the processed data.
    • Capability inventory: Manages a multi-agent hierarchy with the ability to read and write to local memory files (_memory/), and provides integration patterns for external services like Notion and Google Calendar.
    • Sanitization: Absent; no instructions are provided to the agent to validate or escape content from external sources before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 06:13 PM