ralph-tui-create-beads
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its PRD processing logic. * Ingestion points: Processes user-supplied PRDs in markdown or text format (SKILL.md). * Boundary markers: No delimiters or 'ignore' instructions are present to protect against malicious instructions in the PRD. * Capability inventory: Generates shell commands via the
bdCLI and prepares quality gate commands (e.g.,pnpm lint) for execution. * Sanitization: None; the skill trusts and extracts commands directly from the source text. - [COMMAND_EXECUTION]: The skill generates shell commands for task creation and relies on the execution of developer commands extracted from potentially untrusted PRDs.
Audit Metadata