bmad-investigate
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands as part of its standard operation. This includes running a setup script (`resolve_customization.py`) using Python 3 and using system tools like `grep` and `git log` to analyze the codebase and project history during the investigation process.
- [REMOTE_CODE_EXECUTION]: The skill provides a mechanism to execute arbitrary shell commands defined within the `customize.toml` configuration file. The `activation_steps_prepend`, `activation_steps_append`, and `on_complete` fields can be used to run any command on the host system. This represents a risk if the configuration file is modified by an untrusted source or included in a compromised repository.
- [PROMPT_INJECTION]: The skill possesses a high surface area for indirect prompt injection because it is specifically designed to ingest and interpret data from untrusted sources.
  - Ingestion points: Untrusted data enters the agent context from ticket details (Outcome 1), diagnostic archives, log files, and stack traces (Outcome 2).
  - Boundary markers: There are no instructions to use delimiters or ignore potential commands embedded within the data being analyzed.
  - Capability inventory: The skill has the ability to execute shell commands, run local Python scripts, and perform parallel tool calls across the filesystem.
  - Sanitization: The instructions do not define any sanitization or filtering logic for the data retrieved from external logs or issue trackers before it is processed by the agent.
Audit Metadata