bmad-quick-dev
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script (
resolve_customization.py) from the{project-root}/_bmad/scripts/directory during both the activation (SKILL.md) and completion (step-05-present.md, step-oneshot.md) phases. - [COMMAND_EXECUTION]: Uses the
codeCLI tool to open the project root and generated specification files in the user's VS Code editor for review (step-05-present.md, step-oneshot.md). - [COMMAND_EXECUTION]: Executes several Git commands, including
git status,git rev-parse, andgit commit, to manage the local repository state during the workflow (step-01-clarify-and-route.md, step-05-present.md). - [PROMPT_INJECTION]: The skill ingests untrusted project documentation to guide code generation, creating a surface for indirect prompt injection.
- Ingestion points: User intent,
project-context.md(SKILL.md), and planning artifacts such as PRDs, architecture guides, and epics (step-01-clarify-and-route.md). - Boundary markers: Utilizes
<frozen-after-approval>tags in specification templates to separate human-validated intent from agent-derived tasks (spec-template.md, step-02-plan.md). - Capability inventory: Performs file system writes, executes shell commands (Git, Python, VS Code), and delegates work to sub-agents (step-03-implement.md, step-04-review.md).
- Sanitization: No explicit sanitization or filtering of ingested document content is described.
- [PROMPT_INJECTION]: Dynamically executes instructions defined in the
activation_steps_prepend,activation_steps_append, andon_completeconfiguration fields (SKILL.md, step-05-present.md).
Audit Metadata