bmad-checkpoint-preview
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (resolve_customization.py) and command-line utilities (git, gh) to manage the workflow, resolve configuration, and interact with GitHub PRs. These operations are performed in the project's root directory and use standard tools for developer environments.
- [PROMPT_INJECTION]: The skill processes untrusted external data, including Git diffs, PR descriptions, and specification files. It lacks explicit instructions to ignore or sanitize embedded instructions within this data, creating a surface for indirect prompt injection.
  - Ingestion points: Git diff outputs, PR content via gh pr view, and project files such as project-context.md or sprint status files.
  - Boundary markers: No explicit delimiters or instructions to treat the ingested data as non-executable text are present in the prompt instructions.
  - Capability inventory: The agent has the ability to execute shell commands (python3, git, gh) and read/write files within the project directory.
  - Sanitization: No sanitization or validation of the ingested external content is mentioned.
Audit Metadata