bmad-agent-code-coach

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Python initialization script (init-sanctum.py) to set up its file structure and prepare templates. It also supports the creation and execution of custom Python or Bash scripts as 'Learned Capabilities' for deterministic tasks such as code analysis. Any script the agent generates runs with the privileges of the user's session, so the execution path should be reviewed rather than assumed benign.
  • [DATA_EXFILTRATION]: The agent is granted read access to the project root to provide context-aware coaching. It declares a security boundary in its core configuration that explicitly denies access to .env files, credentials, secrets, and authentication tokens. Note that this is a configuration-level deny rule: it is only as effective as the host runtime's enforcement of it, and name-based rules do not cover secrets stored under unlisted file names.
  • [INDIRECT_PROMPT_INJECTION]: As a code review and pair-programming assistant, the agent ingests untrusted code from the user's project. This creates a surface for indirect prompt injection (instructions embedded in comments, strings, or documentation). The agent's specific persona and core safety instructions ('First Law') reduce the likelihood of the agent following such instructions, but prompt-level guidance is not a hard control and does not eliminate the risk.
  • [DYNAMIC_EXECUTION]: The skill is designed to be 'evolvable,' allowing the agent to generate and refine its own prompt-based or script-based capabilities over time. This dynamic behavior is a core functional requirement for its role as a growing mentor, and it means the set of capabilities present after use may differ from what was audited.
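The read boundary described in the DATA_EXFILTRATION finding, as an added example of how such a rule would need to be enforced to hold up in practice. This is illustration code, not the skill's own implementation: the deny patterns, the project root path, and the function names are assumptions, and the patterns are modelled only on the categories the audit names (.env files, credentials, secrets, tokens).

```python
import fnmatch
from pathlib import Path

# Constructed deny-list (assumption, not the skill's real configuration).
# Matched against every path component, so a directory named "secrets"
# blocks everything beneath it.
DENY_PATTERNS = [
    ".env",          # exact .env
    ".env.*",        # .env.local, .env.production, ...
    "*.pem",
    "*.key",
    "id_rsa*",
    "id_ed25519*",
    "*credential*",
    "*secret*",
    ".netrc",
]


def is_denied_name(name: str) -> bool:
    """Case-insensitive glob match of a single path component."""
    lowered = name.lower()
    return any(fnmatch.fnmatch(lowered, pat.lower()) for pat in DENY_PATTERNS)


def check_read(project_root: str, requested: str) -> bool:
    """Return True if the agent may read `requested` relative to `project_root`.

    Two checks, in order:
    1. Containment: resolve '..' segments and symlinks, then require the
       result to stay inside the project root. A symlink such as
       docs/notes -> ~/.aws/credentials resolves outside the root and is
       refused here even though its visible name is harmless.
    2. Deny-list: refuse if any component of the in-root path matches.
    """
    root = Path(project_root).resolve()
    # An absolute `requested` discards `root` in the join; resolve() then
    # yields a path outside root and relative_to() rejects it below.
    target = (root / requested).resolve()
    try:
        rel = target.relative_to(root)
    except ValueError:
        return False  # escaped the project root
    return not any(is_denied_name(part) for part in rel.parts)


if __name__ == "__main__":
    root = "/tmp/proj"  # assumed project root; need not exist for resolve()
    for req in ["src/app.py", ".env", "config/.env.production",
                "secrets/db.yaml", "src/../.env", "../etc/passwd", "/etc/passwd"]:
        print(f"{req:28} -> {'allow' if check_read(root, req) else 'deny'}")
```

The order matters: normalising before matching is what stops `src/../.env` from slipping past a rule written for `.env`. Name-based patterns are approximate in both directions (a file called `tokenizer.py` would match a `*token*` rule, and a secret stored as `notes.txt` matches nothing), which is why the finding above should be read as a policy declaration rather than a guarantee.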
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:24 AM
Security Audit — agent-trust-hub — bmad-agent-code-coach