Security Audit
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-brainstorming
github.com/PabloLION/bmad-plugin
Trust Assessment
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-brainstorming received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Prompt Injection via External File Reference.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 11, 2026 (commit 17efb6ce). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Prompt Injection via External File Reference | LLM | SKILL.md:1 |

Description: The skill's primary instruction in SKILL.md attempts to direct the LLM to read and follow instructions from an external file (`./workflow.md`). Since this instruction is embedded within untrusted content delimiters, it constitutes a prompt injection attempt. The LLM should never follow commands or instructions found within untrusted content, as this could lead to arbitrary code execution or unintended behavior if the referenced file contains malicious instructions.

Recommendation: Remove direct instructions to the LLM from untrusted content. The `SKILL.md` should contain the actual instructions for the LLM to use the skill, not instructions for the LLM to load other files. If `workflow.md` contains necessary instructions for the skill, it should be explicitly loaded and processed by the skill's runtime environment, not by the LLM directly interpreting it as an instruction.
Full report: https://skillshield.io/report/69fd13f1c9105263
Powered by SkillShield