bmad-create-ux-design
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script {project_root}/_bmad/scripts/resolve_customization.py to handle configuration merging during the activation phase.
- [COMMAND_EXECUTION]: The skill generates interactive HTML documents (ux-color-themes.html, ux-design-directions.html) which include scripted UI elements for design visualization.
- [PROMPT_INJECTION]: The skill ingests various project documents (PRDs, briefs, etc.) to inform its design decisions. This represents a surface for indirect prompt injection as these files are loaded into the agent context without explicit sanitization or boundary markers.
  - Ingestion points: {planning_artifacts}/, {output_folder}/, {product_knowledge}/, {project-root}/docs/.
  - Boundary markers: Absent.
  - Capability inventory: File reading/writing, local script execution, and tool invocation (other skills).
  - Sanitization: Absent.
Audit Metadata