bmad-help
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external documentation from URLs defined in local configuration files to answer user questions, which represents a potential indirect prompt injection surface.
- Ingestion points: Remote URLs (e.g., llms.txt) specified in
{project-root}/_bmad/_config/bmad-help.csv. - Boundary markers: The skill does not explicitly define delimiters for fetched documentation content.
- Capability inventory: The skill has the capability to fetch remote data via URL but does not possess arbitrary command execution or file-write capabilities.
- Sanitization: There is no mention of sanitization or filtering for the retrieved documentation content.
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch module documentation from external URLs (identified as llms.txt or similar). This behavior is intended for its primary purpose of providing grounded answers and aligns with standard practices for LLM-readable documentation.
Audit Metadata