bmad-index-docs
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for the legitimate task of indexing project documentation. All operations are local and user-initiated.
- [DATA_EXFILTRATION]: No network tools (curl, wget, etc.) are used. File operations are restricted to listing, reading, and writing a local index.md file. No sensitive file paths (e.g., .ssh, .aws) are targeted.
- [PROMPT_INJECTION]: No malicious instructions, bypass attempts, or system prompt extraction patterns were found in the instructions. The processing of external file content for summaries is handled with a restrictive output format (3-10 word descriptions), mitigating indirect injection risks.
- [EXTERNAL_DOWNLOADS]: The skill does not download any external packages, scripts, or remote content. It relies on standard environment capabilities.
Audit Metadata