beam-connect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes multiple local Python scripts located in
00-system/skills/beam/beam-master/scripts/. These scripts perform legitimate management tasks such as checking configuration, listing agents, and creating tasks. No arbitrary command injection or suspicious parameters were found. - [CREDENTIALS_UNSAFE] (SAFE): The skill prompts users for an API key and workspace ID if they are missing. It correctly identifies the need to store these in a
.envfile and provides instructions on how the user can obtain them from the official provider (app.beam.ai). No hardcoded secrets are present. - [EXTERNAL_DOWNLOADS] (SAFE): No external downloads or remote script executions (e.g., curl/wget piped to bash) are initiated by the skill.
- [PROMPT_INJECTION] (SAFE): No instructions attempting to bypass safety filters or override system prompts were detected. The instructional language is focused on task routing and workflow management.
- [DATA_EXFILTRATION] (SAFE): While the skill manages workspace data, it interacts with local scripts and standard API endpoints expected for the service. No sensitive local files (SSH keys, AWS creds) are targeted for exfiltration.
Audit Metadata