bee-collect
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted user input from tasks, TODOs, or brain dumps and interpolates this data into GitHub issue templates and temporary JSON files.
  - Ingestion points: User-provided tasks and ideas parsed in SKILL.md during the BUZZ phase.
  - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the user-provided data.
  - Capability inventory: The skill possesses the ability to write to the filesystem (cat > /tmp/bee-issues.json) and interact with the GitHub API (gw gh issue create) in the BURY phase.
  - Sanitization: There is no evidence of input validation or escaping before interpolation into command arguments or file contents.
- [COMMAND_EXECUTION]: The skill uses shell commands and local utilities to perform its primary functions.
  - Evidence: Employs tools like gf for searching, gw for GitHub operations, and cat for creating temporary files as documented in the INSPECT and BURY phases of SKILL.md.