Security Audit
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-retrospective
github.com/PabloLION/bmad-plugin
Trust Assessment
PabloLION/bmad-plugin:plugins/bmad/skills/bmad-retrospective received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. The finding is Prompt Injection via External File Inclusion.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on April 11, 2026 (commit 17efb6ce). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Prompt Injection via External File Inclusion | LLM | SKILL.md:1 |

Description: The skill's primary instruction file (`SKILL.md`) contains the directive `Follow the instructions in ./workflow.md.`, which instructs the host LLM to read and carry out instructions from an external file (`./workflow.md`). The analysis classifies this as a prompt injection vector: the skill can introduce arbitrary instructions to the host LLM through a file the scanner did not see, potentially overriding its safety mechanisms or directing it to perform unintended actions. The content of `workflow.md` was not available to this analysis, so the finding rests on the directive itself; the referenced file should be reviewed with the same scrutiny as `SKILL.md`.

Recommendation: Remove direct instructions to the host LLM from skill descriptions and prompts. A skill definition should describe the skill's purpose and how to use it, not issue commands to the LLM. If `workflow.md` contains steps the skill needs, integrate them into the skill's code or tool definition that the LLM can call, rather than delivering them as a direct LLM instruction.
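The check a reviewer would want behind a finding like this, as an added example rather than SkillShield's scanner or code from the bmad-plugin repository: walk a skill directory, find directives of the form `Follow the instructions in ./workflow.md.`, resolve each target against the skill root, and grade it. Remote URLs, paths that escape the skill directory, and references to files that do not exist cannot be reviewed alongside `SKILL.md` and are graded CRITICAL; a relative file shipped with the skill is graded MEDIUM and is itself scanned, so the chain of instructions is followed rather than stopped at the first hop. The directive regex, the severity labels, and the constructed skill layout in `demo()` are assumptions made for this example.

```python
"""Flag external-file-inclusion directives in an AI skill's instruction files.

Added example, not SkillShield's scanner and not code from the bmad-plugin
repository. The directive pattern, severity labels and the constructed skill
layout in demo() are assumptions made for this illustration.
"""
import re
from dataclasses import dataclass
from pathlib import Path
from tempfile import TemporaryDirectory

# A verb that hands control to another document, a noun naming what is handed
# over, then a preposition and the target. Matches e.g.
# "Follow the instructions in ./workflow.md." (assumed pattern, not SkillShield's).
DIRECTIVE = re.compile(
    r"\b(?:follow|read|load|execute|apply|run)\b[^.\n]{0,40}?"
    r"\b(?:instructions?|steps?|workflow|prompt)\b[^.\n]{0,40}?"
    r"\b(?:in|from|at)\s+`?(?P<target>[^\s`'\"]+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    file: str      # file containing the directive, relative to the skill root
    line: int      # 1-based line number
    target: str    # referenced document exactly as written
    severity: str  # CRITICAL: cannot be reviewed with the skill; MEDIUM: shipped file


def classify(root: Path, src: Path, target: str) -> str:
    """Grade a referenced target by whether it can be reviewed with the skill."""
    if re.match(r"https?://", target, re.IGNORECASE):
        return "CRITICAL"  # remote content can change after the skill is reviewed
    resolved = (src.parent / target).resolve()
    try:
        resolved.relative_to(root)
    except ValueError:
        return "CRITICAL"  # ../ or absolute path: reaches outside the skill directory
    if not resolved.is_file():
        return "CRITICAL"  # points at nothing the reviewer can read
    return "MEDIUM"        # ships with the skill; still an instruction hop, so scan it


def scan_skill(root: Path, entry: str = "SKILL.md") -> list[Finding]:
    """Scan the entry file and every shipped file it hands control to."""
    root = root.resolve()
    findings: list[Finding] = []
    seen: set[Path] = set()
    queue = [root / entry]
    while queue:
        src = queue.pop()
        if src in seen or not src.is_file():
            continue
        seen.add(src)
        text = src.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in DIRECTIVE.finditer(line):
                target = m.group("target").rstrip(".,;:)")  # drop sentence punctuation
                severity = classify(root, src, target)
                findings.append(Finding(str(src.relative_to(root)), lineno, target, severity))
                if severity == "MEDIUM":
                    queue.append((src.parent / target).resolve())  # follow the hop
    return findings


def demo() -> dict[str, tuple[str, int, str]]:
    """Constructed skill layout (not the real bmad-retrospective files)."""
    with TemporaryDirectory() as tmp:
        root = Path(tmp) / "bmad-retrospective"
        root.mkdir()
        (root / "SKILL.md").write_text(
            "# Retrospective\n"
            "Follow the instructions in ./workflow.md.\n"
            "Then read the steps from https://example.invalid/extra.md\n",
            encoding="utf-8",
        )
        (root / "workflow.md").write_text(
            "Step 1: collect the team's notes.\n"
            "Apply the instructions in ../../../etc/hidden.md\n"
            "Load the workflow from ./missing.md\n",
            encoding="utf-8",
        )
        return {f.target: (f.file, f.line, f.severity) for f in scan_skill(root)}


if __name__ == "__main__":
    for target, (file, line, severity) in demo().items():
        print(f"{severity:8} {file}:{line}  -> {target}")
```

Run as a script to print the graded findings for the constructed layout. The design choice worth noting is that a shipped relative file is not the end of the scan: it is queued and scanned with the same pattern, so a directive buried in `workflow.md` surfaces in the report instead of remaining outside the analysis, which is the gap the finding above describes.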
Full report: https://skillshield.io/report/bc445c6982f54da3
Powered by SkillShield