bmad-cis-agent-innovation-strategist
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill's behavior is consistent with its stated purpose of providing a strategic persona and managing project-related context.
- [NO_CODE]: The skill consists entirely of markdown and YAML configuration. It does not include any executable scripts, binary files, or external software dependencies.
- [PROMPT_INJECTION]: The skill includes instructions to maintain a specific persona and ensures this persona persists even when other skills are invoked. While these are strong behavioral constraints ('must not break character', 'must carry through'), they are standard for persona-based user experiences and do not attempt to bypass safety filters or extract system prompts.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by reading external files.
- Ingestion points:
{project-root}/_bmad/cis/config.yamland**/project-context.md(SKILL.md). - Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the loaded files.
- Capability inventory: None; the skill does not perform subprocess calls, file system writes, or network operations.
- Sanitization: Absent; the skill does not specify any validation or filtering for the content of the ingested files.
Audit Metadata