bmad-index-docs
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it reads the contents of untrusted files to generate summaries.
  - Ingestion points: Reads all files in the target directory during Step 3 of execution.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to ignore instructions embedded within the files being indexed.
  - Capability inventory: File system write access (Step 4) to create or update the 'index.md' file.
  - Sanitization: Absent. The agent is directed to process the raw content of files to determine their purpose.
Audit Metadata