bmad-shard-doc

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run @kayvan/markdown-tree-parser from the npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: Runtime execution of a third-party npm package using the npx command occurs in Step 3.
  • [COMMAND_EXECUTION]: The skill performs file system operations including creating directories, moving files, and deleting the original source document based on user interaction.
  • [PROMPT_INJECTION]: The skill processes user-provided markdown files using an external parser. This creates an attack surface where malicious content in the document could potentially influence agent behavior or exploit vulnerabilities in the parsing logic.
  • Ingestion points: Reads local markdown files (SKILL.md Step 1).
  • Boundary markers: None identified to delimit the untrusted content.
  • Capability inventory: npx execution, file deletion, file move, directory creation.
  • Sanitization: No sanitization of the input file content is mentioned before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 21, 2026, 11:46 AM
Security Audit — agent-trust-hub — bmad-shard-doc