bmad-prd
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill demonstrates a high level of security awareness by implementing a 'source extractor' pattern. Instead of ingesting large external documents directly into the primary context, it uses subagents to extract only relevant snippets, which effectively mitigates the risk of indirect prompt injection from untrusted source materials.
- [COMMAND_EXECUTION]: The skill executes internal Python scripts to manage workflow configuration (
resolve_customization.py) and render validation reports (render-validation-html.py). The included script for HTML rendering was analyzed and found to be safe, using only standard Python libraries and applying proper HTML escaping to user-provided content. - [DATA_EXFILTRATION]: No unauthorized data exfiltration mechanisms were detected. The skill's file system access is restricted to the user's project workspace and specified output directories. External handoffs (e.g., to Confluence or Jira) are handled via standard platform-level MCP tools according to the user's explicit configuration.
- [SAFE]: The skill includes robust sanitization in its HTML reporting script. By using the
html.escapelibrary for all variable substitutions into the template, it prevents Cross-Site Scripting (XSS) or other injection attacks within the generated validation reports.
Audit Metadata