bmad-quick-dev-new-preview
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input ('intent') to drive automated code generation, which is a common surface for indirect prompt injection.
  - Ingestion points: User input is ingested and clarified in `steps/step-01-clarify-and-route.md`.
  - Boundary markers: The workflow utilizes `<frozen-after-approval>` tags within the `tech-spec-template.md` to clearly delimit human-vetted intent from agent-generated plans.
  - Capability inventory: The skill has the capability to modify the local filesystem ('implement the intent') as described in `steps/step-03-implement.md`.
  - Sanitization: The skill implements a robust defense-in-depth review process in `steps/step-04-review.md`. It invokes specialized sub-agents ('Blind hunter', 'Edge case hunter') without conversation context to perform adversarial analysis on generated code, specifically designed to detect malicious or unintended logic before completion.
- [COMMAND_EXECUTION]: The skill is authorized to perform filesystem operations to implement user-requested code changes.
  - Implementation: In `steps/step-03-implement.md`, the agent is instructed to implement code artifacts based on a technical specification.
  - Safety Controls: The instructions contain strict operational constraints, including 'No push. No remote ops' during implementation and a 'NEVER auto-push' rule in the final presentation step (`steps/step-05-present.md`), ensuring that all changes remain local and subject to human approval.
Audit Metadata