bmad-os-findings-triage

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests findings from potentially untrusted external sources and interpolates them into sub-agent prompts.
      • Ingestion points: Findings report files, TaskList descriptions, and inline user input as defined in Phase 1 of SKILL.md.
      • Boundary markers: The skill lacks explicit delimiters or instructions for sub-agents to ignore potentially malicious content within the findings.
      • Capability inventory: Sub-agents have file-editing capabilities, while the lead agent uses the gh CLI for GitHub API access and tam-push for pushing code changes.
      • Sanitization: There is no evidence of input validation or sanitization for the findings data before processing.
  • [COMMAND_EXECUTION]: The skill executes gh CLI commands to post comments and query the GitHub GraphQL API in Phase 3 of SKILL.md.
  • [DATA_EXFILTRATION]: The skill can transmit data to GitHub repositories via PR comments and API calls. While this is the intended use case for reporting triage results, it provides a channel for potential data leakage if the agent is manipulated via malicious input.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 06:17 PM