bee-collect
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from codebase comments and user-provided task lists to generate GitHub issues.
  - Ingestion points: Reads file contents using `grep` and `gf`, retrieves existing issue lists via `gh`, and parses user input in 'Phase 1: BUZZ'.
  - Boundary markers: Employs structured Markdown templates and uses shell heredocs with quoted delimiters.
  - Capability inventory: File system read access, codebase search, and GitHub issue creation/batching.
  - Sanitization: The use of quoted heredocs (`cat <<'EOF'`) in shell commands effectively prevents shell interpolation or command execution from malicious content embedded in the tasks.
- [COMMAND_EXECUTION]: Executes commands using vendor-specific tools `gf` (Grove Tools) and `gw`. These are identified as legitimate resources associated with the author's 'autumnsgrove' namespace and perform their intended functions of codebase exploration and GitHub interaction.
Audit Metadata