bmad-architecture
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python utility scripts provided by the vendor to manage state and validate output. These scripts, including
memlog.py,resolve_customization.py, andlint_spine.py, are executed viapython3to perform logging, configuration resolution, and deterministic linting of the architecture documents. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze untrusted project data such as
SPEC.md, source code, and project context files. - Ingestion points: The agent reads project-level files like
SPEC.md,project-context.md, and existing source code to derive architecture conventions. - Boundary markers: While the instructions do not specify explicit delimiters for data interpolation, the skill implements a 'Reviewer Gate' process that uses parallel subagents to independently verify the output against adversarial clashing and inconsistency.
- Capability inventory: The skill has the capability to read/write local files within the workspace and execute specified Python scripts from the vendor's tool directory.
- Sanitization: The skill relies on the 'Reviewer Gate' rubric and LLM reasoning to identify and reconcile contradictions or malicious instructions within ingested data.
Audit Metadata