Skills
skills/bmad-code-org/bmad-builder/bmad-workflow-builder/Gen Agent Trust Hub

bmad-workflow-builder

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Several scripts in the scripts/ directory use subprocess.run to execute system commands. scripts/scan-scripts.py runs linters, while scripts/generate-convert-report.py and scripts/generate-html-report.py use platform-specific commands like open, xdg-open, or start to launch the user's web browser for report viewing.\n- [EXTERNAL_DOWNLOADS]: The scripts/scan-scripts.py script utilizes the uv and npx package runners to invoke Ruff, ShellCheck, and Biome. These tools are fetched from their respective official registries (PyPI and npm) if they are not already cached in the execution environment.\n- [PROMPT_INJECTION]: The skill processes user-supplied files during the quality analysis phase, which creates a surface for indirect prompt injection. Malicious instructions within an analyzed skill could potentially attempt to influence the judgment of analysis subagents.\n
  • Ingestion points: quality-analysis.md triggers scripts that read target skill files for analysis.\n
  • Boundary markers: The skill converts raw file content into structured JSON metrics before passing them to LLM subagents, providing a data-structure boundary.\n
  • Capability inventory: The skill can execute local scripts and system commands for linting and report generation.\n
  • Sanitization: Analyzed content is processed as data; the system does not explicitly filter or sanitize the analyzed files for embedded natural language instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 11:24 AM