bmad-shard-doc
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run the @kayvan/markdown-tree-parser package from the npm registry. This package is from an unverified source, which carries the risk of executing unvetted third-party code.
- [REMOTE_CODE_EXECUTION]: The execution of @kayvan/markdown-tree-parser via npx constitutes remote code execution, as the package content is fetched and executed at runtime.
- [COMMAND_EXECUTION]: The skill executes a shell command: npx @kayvan/markdown-tree-parser explode [source-document] [destination-folder]. Using user-provided paths in shell commands can be a vector for command injection if not properly sanitized.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: reads user-provided markdown files in Step 1. Boundary markers: absent. Capability inventory: file deletion or moving in Step 6 and shell command execution in Step 3. Sanitization: absent. An attacker could embed instructions in a markdown file to manipulate the agent's subsequent actions.
Audit Metadata