Security Audit
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-agent-pm
github.com/PabloLION/bmad-plugin

Trust Assessment
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-agent-pm received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The single finding is Excessive Filesystem Access and Data Loading.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 11, 2026 (commit 17efb6ce). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive Filesystem Access and Data Loading | LLM | SKILL.md:50 |

Description: The skill instructs the LLM to perform a recursive filesystem search for `**/project-context.md` and then load the content of whatever it finds. This grants the skill broad read access to the filesystem and lets it ingest project data from arbitrary locations into the model's context. The permission is wider than the task needs and could lead to unintended exposure or exfiltration if a matched file contains sensitive information.

Recommendation: Restrict filesystem access to specific, predefined paths, or disallow arbitrary file loading altogether. If project context is needed, have the user supply it explicitly or load it through a sandboxed mechanism that limits scope and does not recurse. A dedicated context-loading tool with fine-grained access controls is one way to achieve this.
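The recommendation above (fixed paths, no recursion, a dedicated loader with access controls) as an added Python example. This is not code from the bmad-plugin skill or from SkillShield; it assumes a single workspace-root parameter and a two-entry allowlist of relative paths, neither of which the skill defines, and the temp-directory layout it exercises is constructed for the demo. For contrast it also reproduces the flagged behaviour as a plain recursive search.

```python
"""Scoped project-context loader (added example, not the skill's or SkillShield's code).

The flagged instruction amounts to a recursive search for project-context.md
from an arbitrary start point, followed by loading every match. The loader
below instead takes a workspace root (assumed parameter), checks only a fixed
allowlist of relative paths, refuses anything that escapes the root (including
via symlink), never recurses, and caps the bytes it ingests.
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path

# Assumed allowlist: the only places a context file may live, relative to the
# workspace root. No wildcards, no recursion.
ALLOWED_RELATIVE_PATHS = (
    Path("project-context.md"),
    Path("docs") / "project-context.md",
)
MAX_CONTEXT_BYTES = 64 * 1024  # cap on what is pulled into model context


class ContextLoadError(Exception):
    """Raised when a candidate context file is outside policy."""


def broad_search(start: Path) -> list[Path]:
    """The behaviour SkillShield flagged, for contrast: recurse from an
    arbitrary directory and return every match, wherever it lives."""
    return sorted(start.rglob("project-context.md"))


def _inside(root: Path, candidate: Path) -> bool:
    """True if the fully resolved candidate is root or a descendant of root."""
    try:
        candidate.relative_to(root)
    except ValueError:
        return False
    return True


def load_project_context(workspace_root: str | os.PathLike[str]) -> str | None:
    """Return the first allowlisted context file under the workspace root,
    or None if none exists. Never looks outside the root, refuses symlinks
    that resolve out of it, and never reads more than MAX_CONTEXT_BYTES."""
    root = Path(workspace_root).resolve(strict=True)
    for rel in ALLOWED_RELATIVE_PATHS:
        if rel.is_absolute() or ".." in rel.parts:
            raise ContextLoadError(f"allowlist entry is not a safe relative path: {rel}")
        candidate = root / rel
        if not candidate.is_file():
            continue
        resolved = candidate.resolve()
        if not _inside(root, resolved):
            # Symlink pointing outside the workspace: refuse, do not read.
            raise ContextLoadError(f"{rel} resolves outside the workspace: {resolved}")
        size = resolved.stat().st_size
        if size > MAX_CONTEXT_BYTES:
            raise ContextLoadError(f"{rel} is {size} bytes, over the {MAX_CONTEXT_BYTES}-byte cap")
        return resolved.read_text(encoding="utf-8", errors="replace")
    return None


def demo() -> dict[str, object]:
    """Exercise both loaders on a constructed temp layout:
      ws/project-context.md             legitimate file, should load
      ws/nested/deep/project-context.md stray copy the broad search sweeps up
      ws2/docs/project-context.md       symlink to a file outside the workspace
      empty/                            workspace with no context file
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        ws = base / "ws"
        (ws / "nested" / "deep").mkdir(parents=True)
        (ws / "docs").mkdir()
        (ws / "project-context.md").write_text("# Project context\nlegit\n")
        (ws / "nested" / "deep" / "project-context.md").write_text("stray copy\n")
        secret = base / "outside-secret.md"  # constructed "sensitive" file
        secret.write_text("TOKEN=do-not-ingest\n")
        (ws / "docs" / "project-context.md").symlink_to(secret)
        ws2 = base / "ws2"
        (ws2 / "docs").mkdir(parents=True)
        (ws2 / "docs" / "project-context.md").symlink_to(secret)
        empty = base / "empty"
        empty.mkdir()

        broad = broad_search(base)          # recursive: finds all four matches
        scoped = load_project_context(ws)   # fixed path: loads only ws/project-context.md
        try:
            load_project_context(ws2)       # only candidate escapes the root
            refused = False
        except ContextLoadError:
            refused = True

        return {
            "broad_match_count": len(broad),
            "scoped_content": scoped,
            "symlink_refused": refused,
            "empty_workspace": load_project_context(empty),
        }


if __name__ == "__main__":
    print(demo())
```

The allowlist is deliberately a tuple of constants rather than a glob: the point of the finding is that `**/` turns a context lookup into a filesystem sweep, so the hardened loader removes the wildcard entirely and treats a symlink out of the workspace as a policy violation rather than a file to read.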
Full report: https://skillshield.io/report/34dd0e4d7d704c81

Powered by SkillShield