bmad-generate-project-context
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill attempts to execute a local Python script (
resolve_customization.py) from the project's_bmad/scripts/directory to resolve configuration merges. While this allows for flexible customization, it relies on the integrity of the files within the user's project root. - [EXTERNAL_DOWNLOADS]: The workflow references the potential invocation of external skills, specifically
bmad-advanced-elicitationandbmad-party-mode, to assist with generating and reviewing implementation rules. These references occur during interactive steps of the workflow. - [DATA_EXFILTRATION]: The skill reads various project files (e.g., package.json, requirements.txt, architecture.md) to gather context. This information is used exclusively to generate a local
project-context.mdfile and is not transmitted to external domains or third-party services. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection:
- Ingestion points: Reads contents from
{project-root}/**/project-context.md,{planning_artifacts}/architecture.md, and common package manifest files (package.json, requirements.txt, etc.). - Boundary markers: No explicit delimiters or instructions are used to separate untrusted file content from the agent's internal instructions during discovery.
- Capability inventory: Capable of executing shell commands via
python3and performing file writes to the local filesystem. - Sanitization: No explicit sanitization or filtering of the ingested file content is documented before processing.
Audit Metadata