bmad-help
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is instructed to read local configuration files, specifically
user-config.yamland files in{project-root}/_bmad/, to resolve variables and project knowledge. These files often contain environment-specific metadata or sensitive project structures. - [EXTERNAL_DOWNLOADS]: The instructions require the agent to fetch remote documentation from URLs provided in the
bmad-help.csvfile (specifically rows marked with_meta). This involves performing network requests to retrieve external content at runtime. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted data into the agent context.
- Ingestion points: Data is ingested from the local
bmad-help.csvfile and remote URLs (e.g.,llms.txt). - Boundary markers: Absent. The skill does not define delimiters or specific instructions to treat fetched content as untrusted data.
- Capability inventory: The skill has the capability to read local files (CSVs, YAMLs, artifacts) and fetch remote data via URLs.
- Sanitization: Absent. There are no instructions to sanitize, filter, or validate the content retrieved from remote documentation sources before using it to answer user questions.
Audit Metadata