bmad-generate-project-context

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts located in the project's _bmad/scripts/ directory as part of the configuration resolution and workflow completion phases. It also executes user-configurable commands defined in the workflow's activation and completion steps. These scripts and commands are intended to be part of the bmad-labs ecosystem.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) through its ingestion of arbitrary project data. 1. Ingestion points: The workflow reads project configuration files such as package.json, requirements.txt, Cargo.toml, and architecture documents. 2. Boundary markers: Absent. The skill does not implement delimiters or safety instructions to distinguish ingested content from system instructions when presenting discovered data to the agent. 3. Capability inventory: The agent has the ability to write files to the project directory, execute shell commands via python3, and invoke other agent skills. 4. Sanitization: The skill does not validate or sanitize content extracted from project files before incorporating it into the prompt context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 05:26 PM
Security Audit — agent-trust-hub — bmad-generate-project-context