bmad-create-epics-and-stories
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, `{project-root}/_bmad/scripts/resolve_customization.py`, during activation and on completion to merge configuration and run final tasks. This is standard BMad framework behaviour and is restricted to the local project context.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and processes content from external, untrusted project documents (PRD, Architecture and UX Design files).
  - Ingestion points: Reads requirements from markdown files in the project's documentation directories.
  - Boundary markers: The workflow places no explicit delimiters around ingested content and carries no instruction to ignore directives embedded in it.
  - Capability inventory: The agent can write files (`epics.md`) and execute local Python commands, so any instruction smuggled into an input document would have those capabilities available to it.
  - Sanitization: The skill performs no sanitization or validation of the text extracted from input documents before processing it.
- [COMMAND_EXECUTION]: The workflow includes a dynamic execution mechanism: the `workflow.on_complete` configuration and the `activation_steps` arrays are resolved and followed as instructions. This permits dynamic behaviour, but it relies on local configuration files provided by the user rather than on remote input.
Audit Metadata