bmad-agent-tech-writer
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local configuration resolution script using `uv run` at the path `{project-root}/_bmad/scripts/resolve_customization.py`.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted user documents for technical writing and validation. Evidence Chain:
  1. Ingestion points: User-provided documents and references in `write-document.md` and `validate-doc.md`.
  2. Boundary markers: None identified in instructions.
  3. Capability inventory: Mentions subprocess usage for research and content review in `write-document.md`.
  4. Sanitization: No sanitization or escaping mechanisms are described for external content.