bmad-cis-agent-presentation-master
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong persona enforcement language, instructing the agent that it 'must not break character' and that the persona 'must carry through' when other skills are called. This 'persona lock' pattern can potentially be used to override system instructions or the logic of other tools.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from the local filesystem:
  1. Ingestion points: Loads config from `_bmad/cis/config.yaml` and searches for `**/project-context.md` (SKILL.md).
  2. Boundary markers: None present.
  3. Capability inventory: Invokes other skills based on user codes (SD, EX, etc.) listed in the capabilities table.
  4. Sanitization: None present.
Audit Metadata