bmad-agent-pm
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script located at
{project-root}/_bmad/scripts/resolve_customization.pyto manage its configuration. This execution is confined to the local project environment. - [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection by ingesting untrusted content from the project workspace into its persistent memory.
- Ingestion points: The agent loads facts from files matching
{project-root}/**/project-context.mdand configuration from{project-root}/_bmad/bmm/config.yaml. - Boundary markers: Absent. The instructions specify that the agent should treat loaded content as foundational context without using delimiters or safety warnings to ignore instructions within the data.
- Capability inventory: The agent is capable of shell command execution (
python3), file system access, and invoking secondary skills through a menu system. - Sanitization: None. Content is loaded and adopted as persistent facts verbatim without filtering or validation.
Audit Metadata