Skills
skills/bmad-code-org/bmad-method/bmad-edit-prd/Gen Agent Trust Hub

bmad-edit-prd

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands and scripts to manage workflow state and configuration. Specifically, in SKILL.md, it runs python3 {project-root}/_bmad/scripts/resolve_customization.py to merge customization settings. In steps-e/step-e-01-discovery.md, it uses ls -t to find recent validation reports. These commands are used for workflow orchestration within the project's local directory structure.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface (Category 8). It ingests untrusted data from multiple sources including user-provided PRD files, validation reports, and project context files (project-context.md).
  • Ingestion points: PRD markdown files, validation-report-*.md files, and {project-root}/**/project-context.md globs.
  • Boundary markers: The instructions do not specify explicit delimiters (like XML tags or unique markers) to isolate ingested file content from the agent's instructions.
  • Capability inventory: The skill possesses the ability to execute shell commands (ls), run Python scripts (python3), and write/update files on the local filesystem (PRD edits).
  • Sanitization: There is no evidence of sanitization or validation of the content read from external files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 03:39 AM