Security Audit
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-agent-analyst
github.com/PabloLION/bmad-pluginTrust Assessment
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-agent-analyst received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Filesystem Access for Context Loading.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 11, 2026 (commit 17efb6ce). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Filesystem Access for Context Loading The skill is instructed to search for `**/project-context.md` and load its content. The use of the `**` wildcard implies a recursive search across potentially many directories, granting broad filesystem access. Loading arbitrary local files as 'foundational reference' without explicit user consent or clear scope limitation can lead to the LLM processing and potentially exposing sensitive information from these files if later prompted to do so (data exfiltration). Restrict the scope of filesystem access. Instead of `**`, specify a limited, well-defined path (e.g., `./project-context.md` or a specific project directory). Implement explicit user confirmation before loading local files, especially if their content might be sensitive. Ensure that the loaded content is handled securely and not inadvertently exposed in responses. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/c7d9eb662836c1c8)
Powered by SkillShield