Skills
skills/bmad-code-org/bmad-method/bmad-agent-analyst/Gen Agent Trust Hub

bmad-agent-analyst

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: During Step 1 of the activation process, the skill executes a local Python script {project-root}/_bmad/scripts/resolve_customization.py using uv run. This command is used to process customization files within the project environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) as it processes untrusted project data and executes instructions from it:
  • Ingestion points: Loads data from {project-root}/_bmad/custom/{skill-name}.yaml, {skill-name}.user.yaml, {project-root}/_bmad/bmm/config.yaml, and {project-root}/**/project-context.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when loading these files.
  • Capability inventory: The skill can execute shell commands via uv run and dispatch to other registered skills based on the contents of the agent.menu or agent.critical_actions fields.
  • Sanitization: There is no evidence of sanitization or validation performed on the prompt text or actions defined in the customization files before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 03:02 AM