bmad-architecture

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python utility scripts provided by the vendor to manage state and validate output. These scripts, including memlog.py, resolve_customization.py, and lint_spine.py, are executed via python3 to perform logging, configuration resolution, and deterministic linting of the architecture documents.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze untrusted project data such as SPEC.md, source code, and project context files.
  • Ingestion points: The agent reads project-level files like SPEC.md, project-context.md, and existing source code to derive architecture conventions.
  • Boundary markers: While the instructions do not specify explicit delimiters for data interpolation, the skill implements a 'Reviewer Gate' process that uses parallel subagents to independently verify the output against adversarial clashing and inconsistency.
  • Capability inventory: The skill has the capability to read/write local files within the workspace and execute specified Python scripts from the vendor's tool directory.
  • Sanitization: The skill relies on the 'Reviewer Gate' rubric and LLM reasoning to identify and reconcile contradictions or malicious instructions within ingested data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 01:40 AM
Security Audit — agent-trust-hub — bmad-architecture