Security Audit
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-bmb-setup
github.com/PabloLION/bmad-plugin
Trust Assessment
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-bmb-setup received a trust score of 39/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 0 critical, 4 high, 0 medium, and 1 low severity. Key findings include unsafe deserialization / dynamic eval, command injection via a user-controlled path in `mkdir -p`, and an unpinned dependency in `merge-config.py`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on April 11, 2026 (commit 17efb6ce). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | plugins/bmad/skills/bmad-bmb-setup/scripts/cleanup-legacy.py:18 |
| HIGH | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | plugins/bmad/skills/bmad-bmb-setup/scripts/merge-config.py:19 |
| HIGH | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | plugins/bmad/skills/bmad-bmb-setup/scripts/merge-help-csv.py:16 |
| HIGH | **Command Injection via User-Controlled Path in `mkdir -p`.** The skill instructs the LLM to create directories using `mkdir -p` based on configuration values (e.g., `output_folder` or module variables) that can be influenced by user input. If a user provides a malicious string containing shell metacharacters (e.g., `'; rm -rf /'`) for a path-type configuration variable, and the LLM directly interpolates this value into a shell command like `mkdir -p <user_controlled_path>` without proper escaping, it could lead to arbitrary command execution on the host system. The `SKILL.md` explicitly states that user input can modify these path values and that the LLM is responsible for resolving `{project-root}` and executing `mkdir -p`. The LLM must ensure that any user-provided path components used in shell commands (like `mkdir -p`) are properly escaped or quoted to prevent shell metacharacter interpretation. For example, using `shlex.quote()` in Python before passing to `subprocess.run(..., shell=True)` or ensuring the command is run without `shell=True` and arguments are passed as a list. | LLM | SKILL.md:100 |
| LOW | **Unpinned Dependency in `merge-config.py`.** The `scripts/merge-config.py` script declares `pyyaml` as a dependency using `requires-python = "pyyaml"` without specifying a version. If the LLM or the environment is responsible for installing this dependency, using an unpinned version (e.g., `pip install pyyaml`) can expose the system to supply chain risks. A malicious actor could publish a compromised version of `pyyaml` or a typosquatted package, which would then be installed and executed. Pin the dependency to a specific, known-good version (e.g., `pyyaml==6.0.1`) to mitigate risks from malicious updates or typosquatting. This should be reflected in the `dependencies` declaration within the script's header. | LLM | scripts/merge-config.py:3 |