bmad-retrospective
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local Python scripts (
resolve_customization.pyandresolve_config.py) located within the project's_bmad/scripts/directory to manage configuration and customization layers. - [COMMAND_EXECUTION]: Designed to execute arbitrary shell commands defined in the
activation_steps_prependandactivation_steps_appendconfiguration blocks, which can be modified via team or user-level configuration files. - [PROMPT_INJECTION]: Susceptible to indirect prompt injection (Category 8) as it processes various project documents that could contain untrusted data.
- Ingestion points: Reads epics, story files, architecture documentation, and product requirements (PRDs) from the project directory.
- Boundary markers: Missing explicit delimiters or instructions to ignore embedded commands when processing these files.
- Capability inventory: Includes file-writing (saving retrospectives) and command execution (via helper scripts and activation steps).
- Sanitization: No evidence of sanitization or validation of the content extracted from project files before it is used to influence agent behavior.
Audit Metadata