bmad-prfaq
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill exhibits no malicious behavior. All network operations (web research) and file access are scoped to the intended product development workflow.
- [COMMAND_EXECUTION]: The skill invokes a local Python script (resolve_customization.py) and executes shell commands defined in project-level configuration files (activation_steps). These functions facilitate initialization and are constrained to the user's local environment.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present due to the ingestion of project documents and web content. Evidence:
  1. Ingestion points: agents/artifact-analyzer.md (project files) and agents/web-researcher.md (web results).
  2. Boundary markers: No specific delimiters are defined to isolate external content.
  3. Capability inventory: Includes local Python execution and file-write operations.
  4. Sanitization: No explicit validation or filtering logic is present in the instructions.

  This surface is inherent to the skill's research capabilities and is assessed as low risk.
Audit Metadata