bmad-editorial-review-structure
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a 'STYLE GUIDE OVERRIDE' instruction that directs the agent to prioritize the content of the 'style_guide' input over its own internal rules. This establishes a high-trust pathway for untrusted external data.
- [PROMPT_INJECTION]: The 'CONTENT IS SACROSANCT' rule explicitly forbids the agent from challenging the ideas in the input content, which could be used to force the processing of malicious or prohibited instructions disguised as document content.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via untrusted inputs.
- Ingestion points: Data enters the agent context through the 'content' and 'style_guide' fields in SKILL.md.
- Boundary markers: The prompt lacks explicit delimiters or markers to separate instructions from data, making it easier for embedded instructions to be executed by the model.
- Capability inventory: The skill has no executable code or access to dangerous tools (e.g., shell, network, or filesystem).
- Sanitization: No input validation or sanitization is performed on the 'content' or 'style_guide' parameters.
Audit Metadata